Use TLS1.2 / TLS1 with --ssl if available

Sebastian Lohff 2015-03-17 23:32:20 +01:00
parent 6b85d23752
commit 9201b62f18
1 changed files with 13 additions and 1 deletions


@ -645,7 +645,19 @@ def catchSSLErrors(BaseSSLClass):
class SecureThreadedHTTPServer(ThreadedHTTPServer): class SecureThreadedHTTPServer(ThreadedHTTPServer):
def __init__(self, pubKey, privKey, server_address, RequestHandlerClass, bind_and_activate=True): def __init__(self, pubKey, privKey, server_address, RequestHandlerClass, bind_and_activate=True):
ThreadedHTTPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate) ThreadedHTTPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate)
ctx = SSL.Context(SSL.SSLv23_METHOD)
# choose TLS1.2 or TLS1, if available
sslMethod = None
if hasattr(SSL, "TLSv1_2_METHOD"):
sslMethod = SSL.TLSv1_2_METHOD
elif hasattr(SSL, "TLSv1_METHOD"):
sslMethod = SSL.TLSv1_METHOD
else:
# only SSLv23 available
print("Warning: Only SSLv2/SSLv3 is available, connection might be insecure.")
sslMethod = SSL.SSLv23_METHOD
ctx = SSL.Context(sslMethod)
if type(pubKey) is crypto.X509 and type(privKey) is crypto.PKey: if type(pubKey) is crypto.X509 and type(privKey) is crypto.PKey:
ctx.use_certificate(pubKey) ctx.use_certificate(pubKey)
ctx.use_privatekey(privKey) ctx.use_privatekey(privKey)
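Review bot: Selecting `SSL.TLSv1_2_METHOD` or `SSL.TLSv1_METHOD` in the new `sslMethod` chain pins the context to exactly that one protocol version, so the `elif` branch yields a TLS 1.0-only server and the first branch refuses every client that cannot speak TLS 1.2. `SSL.SSLv23_METHOD` is the version-negotiating method in OpenSSL, so the warning text in the `else` branch ("Only SSLv2/SSLv3 is available") misdescribes it. The usual hardening is to keep negotiation and disable the legacy protocols explicitly: `ctx = SSL.Context(SSL.SSLv23_METHOD)` followed by `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. That gives the highest version both sides support without the `hasattr` probing. `__init__` continues past the end of the hunk, so any later context options are not visible here.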