oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Force SSLv23

Browse source
This commit is contained in:
shortcutme 2017-04-06 23:22:55 +02:00
parent e15cb8a43d
commit 929432d469
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/util/SslPatch.py
View file

@ -83,7 +83,9 @@ def new_sslwrap(
cert_reqs=__ssl__.CERT_NONE, ssl_version=__ssl__.PROTOCOL_SSLv23, cert_reqs=__ssl__.CERT_NONE, ssl_version=__ssl__.PROTOCOL_SSLv23,
ca_certs=None, ciphers=None ca_certs=None, ciphers=None
): ):
context = __ssl__.SSLContext(ssl_version) context = __ssl__.SSLContext(ssl.PROTOCOL_SSLv23)
context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.verify_mode = cert_reqs or __ssl__.CERT_NONE context.verify_mode = cert_reqs or __ssl__.CERT_NONE
if ca_certs: if ca_certs:
context.load_verify_locations(ca_certs) context.load_verify_locations(ca_certs)
@ -113,9 +115,8 @@ try:
except Exception, err: except Exception, err:
pass pass
# Fix PROTOCOL_SSLv3 not defined # Redirect insecure SSLv2 and v3
if "PROTOCOL_SSLv3" not in dir(__ssl__): __ssl__.PROTOCOL_SSLv2 = __ssl__.PROTOCOL_SSLv3 = __ssl__.PROTOCOL_SSLv23
__ssl__.PROTOCOL_SSLv3 = __ssl__.PROTOCOL_SSLv23
logging.debug("Redirected PROTOCOL_SSLv3 to PROTOCOL_SSLv23.")
logging.debug("Python SSL version: %s" % __ssl__.OPENSSL_VERSION) logging.debug("Python SSL version: %s" % __ssl__.OPENSSL_VERSION)