Fix ssl compatibility with older clients, prefer chacha20-poly1305 if possible

2019-03-27 03:00:44 +01:00 · 2019-03-27 03:00:44 +01:00 · 5ab20317d0
commit 5ab20317d0
parent cdd0f9cda3
1 changed files with 1 additions and 1 deletions
--- a/src/Crypt/CryptConnection.py
+++ b/src/Crypt/CryptConnection.py
@ -39,7 +39,7 @@ class CryptConnectionManager:
    # Return: wrapped socket
    def wrapSocket(self, sock, crypt, server=False, cert_pin=None):
        if crypt == "tls-rsa":
-            ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CBC-SHA:ECDHE-ECDSA-AES128-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:RSA-AES128-SHA:RSA-AES256-SHA:RSA-DES-192-CBC3-SHA:"
+            ciphers = "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:"
            ciphers += "!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK"
            if server:
                sock_wrapped = ssl.wrap_socket(