Python "ssl.SSLError: WRONG_VERSION_NUMBER" in CI
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] means the client started a TLS handshake but the server replied with plaintext. It almost always means an https client is talking to an http-only port or a service that is not speaking TLS.
What this error means
A request fails with "ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number" during connection setup.
python
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1006)Common causes
https URL pointed at a plaintext port
The scheme is https but the target service or test container only serves plain HTTP on that port.
A service container not yet ready with TLS
A local TLS-terminating proxy had not finished starting, so it answered in plaintext.
How to fix it
Use the right scheme and port
- If the service is plaintext, change the URL to http:// (or point at the TLS port).
- For local containers, wait until the TLS endpoint is actually serving before connecting.
- Confirm a TLS-terminating proxy is in front of services you call over https.
Python
# plaintext service -> use http, not https
BASE_URL = "http://localhost:8080"How to prevent it
- On Latchkey managed runners, transient TLS handshake failures during service startup are auto-retried while containers warm up.
- Match URL scheme to what the service actually serves.
- Gate https calls on a readiness check of the TLS port.
Related guides
Python "requests.exceptions.ConnectionError: Max retries exceeded" in CIFix "requests.exceptions.ConnectionError: Max retries exceeded with url" in CI - requests could not establish…
Python "ConnectionResetError" from a test client in CIFix "ConnectionResetError: [Errno 104] Connection reset by peer" in CI - the remote end closed a socket while…
Python "TimeoutError" on a socket in CIFix "TimeoutError" / "socket.timeout" in CI - a socket operation exceeded its timeout, usually a slow or unre…