author | Aldo Cortesi <aldo@nullcube.com> | 2015-06-18 12:18:22 +1200 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2015-06-18 12:18:22 +1200 |
commit | 6e301f37d0597d86008c440f62526f906f0ae9f4 (patch) | |
tree | d02d1bea1b60da51efacc9061f5d569db5f50be9 | |
parent | 4152b14387e1fd59f388f695ac468be2a888caa2 (diff) | |
Only set OP_NO_COMPRESSION by default if it exists in our version of OpenSSL
We'll need to start testing under both new and old versions of OpenSSL
somehow to catch these...
-rw-r--r-- | netlib/tcp.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index a1d1fe62..52ebc3c0 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -22,6 +22,17 @@ TLSv1_METHOD = SSL.TLSv1_METHOD
 TLSv1_1_METHOD = SSL.TLSv1_1_METHOD
 TLSv1_2_METHOD = SSL.TLSv1_2_METHOD
+
+SSL_DEFAULT_OPTIONS = (
+ SSL.OP_NO_SSLv2 |
+ SSL.OP_NO_SSLv3 |
+ SSL.OP_CIPHER_SERVER_PREFERENCE
+)
+
+if hasattr(SSL, "OP_NO_COMPRESSION"):
+ SSL_DEFAULT_OPTIONS |= SSL.OP_NO_COMPRESSION
+
+
 class NetLibError(Exception):
 pass
@@ -365,7 +376,7 @@ class _Connection(object):
 def _create_ssl_context(self,
 method=SSLv23_METHOD,
- options=(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_COMPRESSION),
+ options=SSL_DEFAULT_OPTIONS,
 verify_options=SSL.VERIFY_NONE,
 ca_path=None,
 ca_pemfile=None, |
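Review bot: When `OP_NO_COMPRESSION` is missing, the `hasattr` guard in the new module-level block leaves TLS compression enabled without any record that the default became weaker. TLS-level compression is what the CRIME attack depends on, so someone running against an older OpenSSL/pyOpenSSL build would want to be told. I would add an `else:` branch that warns once, for example `warnings.warn("OP_NO_COMPRESSION unavailable; TLS compression stays enabled")` (this needs `import warnings` if the module does not already have it). At minimum, put a comment above the guard such as `# Older builds lack OP_NO_COMPRESSION; TLS compression is then left on.`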
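Review bot: The `options` parameter of `_create_ssl_context` now defaults to a named constant, but nothing in the signature says that a caller-supplied value replaces the defaults rather than adding to them. As far as the hunk shows, passing a single extra flag would drop `OP_NO_SSLv2`, `OP_NO_SSLv3` and the compression flag; the body lies outside the hunk, so this should be confirmed there. A docstring line would make the contract explicit, for example `options: OpenSSL option bitmask; OR your flags with SSL_DEFAULT_OPTIONS to keep the safe defaults.`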