move sslversion mapping to netlib

author: Maximilian Hils <git@maximilianhils.com> 2015-08-29 12:30:35 +0200
committer: Maximilian Hils <git@maximilianhils.com> 2015-08-29 12:30:35 +0200
commit: 1265945f55604f32d99c3dd7c1efd13b3f2ecd9b (patch)
tree: 04cc7adc6e4d748c249f78b48e85ad8b4822e6b3 /netlib
parent: 982d8000c420937da532d1c584e3ca7a86c5f3e8 (diff)
download: mitmproxy-1265945f55604f32d99c3dd7c1efd13b3f2ecd9b.tar.gz
mitmproxy-1265945f55604f32d99c3dd7c1efd13b3f2ecd9b.tar.bz2
mitmproxy-1265945f55604f32d99c3dd7c1efd13b3f2ecd9b.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 9dfa8d22..0d83816b 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -32,6 +32,23 @@ SSL_DEFAULT_OPTIONS = (
 if hasattr(SSL, "OP_NO_COMPRESSION"):
     SSL_DEFAULT_OPTIONS |= SSL.OP_NO_COMPRESSION
 
+"""
+Map a reasonable SSL version specification into the format OpenSSL expects.
+Don't ask...
+https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
+"""
+sslversion_choices = {
+    "all": (SSL.SSLv23_METHOD, 0),
+    # SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
+    # TLSv1_METHOD would be TLS 1.0 only
+    "secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
+    "SSLv2": (SSL.SSLv2_METHOD, 0),
+    "SSLv3": (SSL.SSLv3_METHOD, 0),
+    "TLSv1": (SSL.TLSv1_METHOD, 0),
+    "TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
+    "TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
+}
+
 
 class NetLibError(Exception):
     pass
author	Maximilian Hils <git@maximilianhils.com>	2015-08-29 12:30:35 +0200
committer	Maximilian Hils <git@maximilianhils.com>	2015-08-29 12:30:35 +0200
commit	1265945f55604f32d99c3dd7c1efd13b3f2ecd9b (patch)
tree	04cc7adc6e4d748c249f78b48e85ad8b4822e6b3 /netlib
parent	982d8000c420937da532d1c584e3ca7a86c5f3e8 (diff)
download	mitmproxy-1265945f55604f32d99c3dd7c1efd13b3f2ecd9b.tar.gz mitmproxy-1265945f55604f32d99c3dd7c1efd13b3f2ecd9b.tar.bz2 mitmproxy-1265945f55604f32d99c3dd7c1efd13b3f2ecd9b.zip