Commit 37e6a4f7 authored by Vincent Pelletier's avatar Vincent Pelletier

caucase.http: Silence ssl.OP_NO_{SSL,TLS}* deprecation warning.

parent 5af60b32
......@@ -279,6 +279,8 @@ def startServerThread(server):
server_thread.daemon = True
server_thread.start()
TLSVersion = getattr(ssl, 'TLSVersion', None)
def getSSLContext(
key_len,
threshold,
......@@ -299,8 +301,12 @@ def getSSLContext(
# SSL is used for client authentication, and is only required for very few
# users on any given caucased. So make ssl_context even stricter than python
# does.
# No TLSv1 and TLSv1.1, leaving (currently) only TLSv1.2
ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
# No TLSv1 and TLSv1.1
if TLSVersion is None: # pragma: no cover
# BBB: py<3.7
ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
else: # pragma: no cover
ssl_context.minimum_version = TLSVersion.TLSv1_2
# If a client wishes to use https for unauthenticated operations, that's
# fine too.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment