@@ -44,19 +44,17 b' configprotocols = {' | |||||
44 |
|
44 | |||
45 | hassni = getattr(ssl, 'HAS_SNI', False) |
|
45 | hassni = getattr(ssl, 'HAS_SNI', False) | |
46 |
|
46 | |||
47 | # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled |
|
47 | # ssl.HAS_TLSv1* are preferred to check support but they were added in Python | |
48 | # against doesn't support them. |
|
48 | # 3.7. Prior to CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98 | |
49 | # FIXME: Since CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98 |
|
49 | # (backported to the 3.7 branch), ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 | |
50 | # individual TLS versions can be turned on and off, and the |
|
50 | # were defined only if compiled against a OpenSSL version with TLS 1.1 / 1.2 | |
51 | # ssl.PROTOCOL_TLSv1_* constants are always defined. |
|
51 | # support. At the mentioned commit, they were unconditionally defined. | |
52 | # This means that, on unusual configurations, the following dict may contain |
|
52 | supportedprotocols = set() | |
53 | # too many entries. A proper fix would be to check ssl.HAS_TLSv* where |
|
53 | if getattr(ssl, 'HAS_TLSv1', util.safehasattr(ssl, 'PROTOCOL_TLSv1')): | |
54 | # available (Python 3.7+). Before that, this module should be proofed against |
|
54 | supportedprotocols.add(b'tls1.0') | |
55 | # all possible combinations. |
|
55 | if getattr(ssl, 'HAS_TLSv1_1', util.safehasattr(ssl, 'PROTOCOL_TLSv1_1')): | |
56 | supportedprotocols = {b'tls1.0'} |
|
|||
57 | if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'): |
|
|||
58 | supportedprotocols.add(b'tls1.1') |
|
56 | supportedprotocols.add(b'tls1.1') | |
59 |
if util.safehasattr(ssl, |
|
57 | if getattr(ssl, 'HAS_TLSv1_2', util.safehasattr(ssl, 'PROTOCOL_TLSv1_2')): | |
60 | supportedprotocols.add(b'tls1.2') |
|
58 | supportedprotocols.add(b'tls1.2') | |
61 |
|
59 | |||
62 |
|
60 |
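Review bot: `supportedprotocols` can now end up empty or without `b'tls1.0'`, where the old code always seeded it with `{b'tls1.0'}`. Any code outside this hunk that assumes a non-empty set, or that treats `tls1.0` as an always-available floor, should be checked so that it aborts with a clear message instead of continuing. The new comment should also state that `ssl.HAS_TLSv1*` describes what the linked OpenSSL build supports, which is an upper bound and not what the system's runtime policy will negotiate, for example `# HAS_TLSv1* is build-time support; system OpenSSL policy may still refuse the protocol at handshake.` As a style point, the three `if getattr(ssl, 'HAS_…', util.safehasattr(ssl, 'PROTOCOL_…'))` blocks repeat one pattern and would read better as a loop over `(flag, constant, name)` tuples.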