author | Aldo Cortesi <aldo@corte.si> | 2013-12-07 15:51:44 -0800 |
---|---|---|
committer | Aldo Cortesi <aldo@corte.si> | 2013-12-07 15:51:44 -0800 |
commit | 98a580cf69f781f673701679623522f33389364f (patch) | |
tree | dcc80b07366a56fda09eca98ab3960929c47db5d | |
parent | af8f98d493095fe996c076e4dd365d5c0093c871 (diff) | |
parent | d5b3e397e142ae60275fb89ea765423903e99bb6 (diff) | |
Merge pull request #19 from rouli/ciphersuites
adding cipher list selection option to BaseHandler
-rw-r--r-- | netlib/tcp.py | 4 | ||||
-rw-r--r-- | netlib/test.py | 3 | ||||
-rw-r--r-- | test/test_tcp.py | 25 |
3 files changed, 30 insertions, 2 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index c632ec67..8fe04d2e 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -267,7 +267,7 @@ class BaseHandler:
 self.clientcert = None
- def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None, handle_sni=None, request_client_cert=False):
+ def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None, handle_sni=None, request_client_cert=False, cipher_list=None):
 """
 cert: A certutils.SSLCert object.
 method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
@@ -295,6 +295,8 @@ class BaseHandler:
 ctx = SSL.Context(method)
 if not options is None:
 ctx.set_options(options)
+ if cipher_list:
+ ctx.set_cipher_list(cipher_list)
 if handle_sni:
 # SNI callback happens during do_handshake()
 ctx.set_tlsext_servername_callback(handle_sni)
diff --git a/netlib/test.py b/netlib/test.py
index 87802bd5..e7d4c233 100644
--- a/netlib/test.py
+++ b/netlib/test.py
@@ -66,7 +66,8 @@ class TServer(tcp.TCPServer):
 method = method,
 options = options,
 handle_sni = getattr(h, "handle_sni", None),
- request_client_cert = self.ssl["request_client_cert"]
+ request_client_cert = self.ssl["request_client_cert"],
+ cipher_list = self.ssl.get("cipher_list", None)
 )
 h.handle()
 h.finish()
diff --git a/test/test_tcp.py b/test/test_tcp.py
index 318d2abc..8fa151af 100644
--- a/test/test_tcp.py
+++ b/test/test_tcp.py
@@ -34,6 +34,15 @@ class CertHandler(tcp.BaseHandler):
 self.wfile.flush()
+class ClientCipherListHandler(tcp.BaseHandler):
+ sni = None
+
+ def handle(self):
+ print self.connection.get_cipher_list()
+ self.wfile.write("%s"%self.connection.get_cipher_list())
+ self.wfile.flush()
+
+
+class DisconnectHandler(tcp.BaseHandler):
 def handle(self):
 self.close()
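Review bot: The new `cipher_list` parameter of `convert_to_ssl` is not documented; the docstring lines visible in the first netlib/tcp.py hunk describe `cert` and `method`, and no hunk on this page adds an entry for it. The docstring continues outside the hunk, so the entry belongs with the other parameters there, for example `cipher_list: An OpenSSL cipher string; None leaves the library's default suites in place.` Stating the default matters, because a caller who omits the argument gets whatever the linked OpenSSL build enables for the chosen method.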
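Review bot: The guard `if cipher_list:` in the second netlib/tcp.py hunk treats an empty string the same as None, so a caller whose cipher string ends up empty silently gets the default suites rather than an error. For an option whose purpose is to restrict ciphers that is a fail-open path; `if cipher_list is not None:` would pass the empty string on to `set_cipher_list`, which I would expect to reject it, and it matches the `is None` test on `options` two lines above. The value is handed to pyOpenSSL unvalidated, so a malformed string presumably raises at this point, before the handshake. The body of convert_to_ssl continues outside the hunk, so whether that error is caught and wrapped cannot be seen from here.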
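Review bot: `ClientCipherListHandler.handle` in the first test/test_tcp.py hunk still carries a debugging statement, `print self.connection.get_cipher_list()`, which writes to stdout on every test run and should be removed. The `sni = None` attribute looks copied from the SNI handler and nothing in this hunk reads it. The reply is also written without a trailing newline, so the client's `readline()` presumably returns only once the connection is closed; writing `"%s\n"` and comparing the stripped line would make the test independent of that.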
@@ -180,6 +189,22 @@ class TestSNI(test.ServerTestBase):
 assert c.rfile.readline() == "foo.com"
+class TestClientCipherList(test.ServerTestBase):
+ handler = ClientCipherListHandler
+ ssl = dict(
+ cert = tutils.test_data.path("data/server.crt"),
+ key = tutils.test_data.path("data/server.key"),
+ request_client_cert = False,
+ v3_only = False,
+ cipher_list = 'RC4-SHA'
+ )
+ def test_echo(self):
+ c = tcp.TCPClient("127.0.0.1", self.port)
+ c.connect()
+ c.convert_to_ssl(sni="foo.com")
+ assert c.rfile.readline() == "['RC4-SHA']"
+
+
 class TestSSLDisconnect(test.ServerTestBase):
 handler = DisconnectHandler
 ssl = dict( |
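Review bot: `test_echo` in TestClientCipherList asserts on the server's configured list rather than on the negotiated suite; as far as I know `get_cipher_list()` on the handler's connection reports what the context was set to, so the test shows the option reached the context but not what the handshake selected. The method name is left over from the echo test, and `test_cipher_list_applied` would say what is being checked. Pinning the fixture to `'RC4-SHA'` ties the test to an OpenSSL build that still enables RC4, a weak cipher that many builds disable. A comment such as `# RC4-SHA is used only as a single recognisable suite, not as a recommendation` would keep the fixture from being read as guidance. Comparing against the `str()` of a list is also fragile; sending the names joined with commas would be sturdier.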