Commit 37e6a4f7 authored by Vincent Pelletier's avatar Vincent Pelletier

caucase.http: Silence ssl.OP_NO_{SSL,TLS}* deprecation warning.

parent 5af60b32
...@@ -279,6 +279,8 @@ def startServerThread(server): ...@@ -279,6 +279,8 @@ def startServerThread(server):
server_thread.daemon = True server_thread.daemon = True
server_thread.start() server_thread.start()
TLSVersion = getattr(ssl, 'TLSVersion', None)
def getSSLContext( def getSSLContext(
key_len, key_len,
threshold, threshold,
...@@ -299,8 +301,12 @@ def getSSLContext( ...@@ -299,8 +301,12 @@ def getSSLContext(
# SSL is used for client authentication, and is only required for very few # SSL is used for client authentication, and is only required for very few
# users on any given caucased. So make ssl_context even stricter than python # users on any given caucased. So make ssl_context even stricter than python
# does. # does.
# No TLSv1 and TLSv1.1, leaving (currently) only TLSv1.2 # No TLSv1 and TLSv1.1
ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 if TLSVersion is None: # pragma: no cover
# BBB: py<3.7
ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
else: # pragma: no cover
ssl_context.minimum_version = TLSVersion.TLSv1_2
# If a client wishes to use https for unauthenticated operations, that's # If a client wishes to use https for unauthenticated operations, that's
# fine too. # fine too.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment