From 9201b62f1829863bf1ab5d90f10e312890294056 Mon Sep 17 00:00:00 2001
From: Sebastian Lohff
Date: Tue, 17 Mar 2015 23:32:20 +0100
Subject: [PATCH] Use TLS1.2 / TLS1 with --ssl if available
---
 servefile | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/servefile b/servefile
index 58deec1..fd82c3e 100755
--- a/servefile
+++ b/servefile
@@ -645,7 +645,19 @@ def catchSSLErrors(BaseSSLClass):
 class SecureThreadedHTTPServer(ThreadedHTTPServer):
 def __init__(self, pubKey, privKey, server_address, RequestHandlerClass, bind_and_activate=True):
 ThreadedHTTPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate)
- ctx = SSL.Context(SSL.SSLv23_METHOD)
+
+ # choose TLS1.2 or TLS1, if available
+ sslMethod = None
+ if hasattr(SSL, "TLSv1_2_METHOD"):
+ sslMethod = SSL.TLSv1_2_METHOD
+ elif hasattr(SSL, "TLSv1_METHOD"):
+ sslMethod = SSL.TLSv1_METHOD
+ else:
+ # only SSLv23 available
+ print("Warning: Only SSLv2/SSLv3 is available, connection might be insecure.")
+ sslMethod = SSL.SSLv23_METHOD
+
+ ctx = SSL.Context(sslMethod)
 if type(pubKey) is crypto.X509 and type(privKey) is crypto.PKey:
 ctx.use_certificate(pubKey)
 ctx.use_privatekey(privKey)
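Review bot: The version-specific method constants chosen in the new `if`/`elif` pin the context to exactly one protocol version instead of setting a minimum: `SSL.TLSv1_2_METHOD` accepts only TLS 1.2, and the `SSL.TLSv1_METHOD` fallback accepts only TLS 1.0, so a pyOpenSSL build without the 1.2 constant ends up limited to TLS 1.0 even when the linked OpenSSL could negotiate something newer. `SSLv23_METHOD`, despite its name, negotiates the highest version both peers support, so keeping it and switching off the legacy protocols gives a floor rather than a pin: `ctx = SSL.Context(SSL.SSLv23_METHOD)` followed by `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. With that change the `else` branch and its warning go away; as written the message says only SSLv2/SSLv3 is available, which is not what `SSLv23_METHOD` means. `__init__` continues past the end of the hunk, so any options set on `ctx` further down are not visible here.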