> I suggest using socket.dup(sslsock) to simply create a non-encrypted > copy of the socket, and switch to using that copy. There's no way to > "unwrap" an SSLSocket. But shouldn't there be a way to invoke SSL_shutdown? You need to get the close_notify alert message sent, IIUC. Regards, Martin