Skip to content
Latchkey

Python "ssl.SSLError: WRONG_VERSION_NUMBER" in CI

ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] means the client started a TLS handshake but the server replied with plaintext. It almost always means an https client is talking to an http-only port or a service that is not speaking TLS.

What this error means

A request fails with "ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number" during connection setup.

python
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1006)

Common causes

https URL pointed at a plaintext port

The scheme is https but the target service or test container only serves plain HTTP on that port.

A service container not yet ready with TLS

A local TLS-terminating proxy had not finished starting, so it answered in plaintext.

How to fix it

Use the right scheme and port

  1. If the service is plaintext, change the URL to http:// (or point at the TLS port).
  2. For local containers, wait until the TLS endpoint is actually serving before connecting.
  3. Confirm a TLS-terminating proxy is in front of services you call over https.
Python
# plaintext service -> use http, not https
BASE_URL = "http://localhost:8080"

How to prevent it

  • On Latchkey managed runners, transient TLS handshake failures during service startup are auto-retried while containers warm up.
  • Match URL scheme to what the service actually serves.
  • Gate https calls on a readiness check of the TLS port.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →