Diffstat (limited to 'libmproxy')
| -rw-r--r-- | libmproxy/cmdline.py | 10 | ||||
| -rw-r--r-- | libmproxy/proxy/config.py | 20 | 
2 files changed, 6 insertions, 24 deletions
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index 1d897717..591e87ed 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -2,7 +2,7 @@ from __future__ import absolute_import
 import os
 import re
 import configargparse
-from netlib.tcp import Address
+from netlib.tcp import Address, sslversion_choices
 import netlib.utils
@@ -423,15 +423,15 @@ def proxy_ssl_options(parser):
     group.add_argument(
         "--ssl-version-client", dest="ssl_version_client",
         default="secure", action="store",
-        choices=config.sslversion_choices.keys(),
-        help="Set supported SSL/TLS version for client connections. "
+        choices=sslversion_choices.keys(),
+        help="Set supported SSL/TLS versions for client connections. "
              "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
     )
     group.add_argument(
         "--ssl-version-server", dest="ssl_version_server",
         default="secure", action="store",
-        choices=config.sslversion_choices.keys(),
-        help="Set supported SSL/TLS version for server connections. "
+        choices=sslversion_choices.keys(),
+        help="Set supported SSL/TLS versions for server connections. "
              "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
     )
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index 8ab5a216..415ee215 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -8,7 +8,7 @@ from netlib import certutils, tcp
 from netlib.http import authentication
 from .. import utils, platform
-from netlib.tcp import Address
+from netlib.tcp import Address, sslversion_choices
 CONF_BASENAME = "mitmproxy"
 CA_DIR = "~/.mitmproxy"
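Review bot: In libmproxy/cmdline.py, the reworded help for `--ssl-version-client` and `--ssl-version-server` now says "versions", but `secure` is still the only choice it describes as a range. The map this commit removes from config.py notes that `TLSv1_METHOD` is TLS 1.0 only, so `TLSv1`, `TLSv1_1` and `TLSv1_2` presumably each pin exactly one protocol version (the relocated definition in netlib.tcp is not visible here). I would state that in both help strings, for example by adding `"TLSv1, TLSv1_1 and TLSv1_2 each select exactly that version. "`, so an operator who picks `TLSv1` expecting "TLS 1.0 or newer" does not unknowingly cap the connection at TLS 1.0. Separately, `choices=sslversion_choices.keys()` inherits dict ordering; `choices=sorted(sslversion_choices)` would keep the `--help` listing and the argparse error text stable. The body of proxy_ssl_options continues outside the hunk.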
@@ -98,24 +98,6 @@ class ProxyConfig:
         self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca
-"""
-Map a reasonable SSL version specification into the format OpenSSL expects.
-Don't ask...
-https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
-"""
-sslversion_choices = {
-    "all": (SSL.SSLv23_METHOD, 0),
-    # SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
-    # TLSv1_METHOD would be TLS 1.0 only
-    "secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
-    "SSLv2": (SSL.SSLv2_METHOD, 0),
-    "SSLv3": (SSL.SSLv3_METHOD, 0),
-    "TLSv1": (SSL.TLSv1_METHOD, 0),
-    "TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
-    "TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
-}
-
-
 def process_proxy_options(parser, options):
     body_size_limit = utils.parse_size(options.body_size_limit)  |
