From a0e4bba7aa41ed85febb35838f363f8482b73f58 Mon Sep 17 00:00:00 2001
From: Thomas Kriechbaumer
Date: Sun, 29 May 2016 15:13:08 +0200
Subject: more style cleanup
---
.travis.yml | 2 +-
mitmproxy/protocol/tls.py | 26 ++++++++++++++------------
mitmproxy/proxy/config.py | 10 +++++++++-
3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index fb579ac1..435c2ff8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -46,7 +46,7 @@ install:
 before_script:
 - "openssl version -a"
 - "python -c \"from OpenSSL import SSL; print(SSL.SSLeay_version(SSL.SSLEAY_VERSION))\""
- - "[[ $(flake8 -qq --count --exit-zero mitmproxy netlib pathod examples test) -le 12 ]]"
+ - "[[ $(flake8 -qq --count --exit-zero mitmproxy netlib pathod examples test) -le 3 ]]"
 script:
 - "py.test --timeout 60 --cov netlib --cov mitmproxy --cov pathod ./test/$SCOPE"
diff --git a/mitmproxy/protocol/tls.py b/mitmproxy/protocol/tls.py
index 5facff73..e0699562 100644
--- a/mitmproxy/protocol/tls.py
+++ b/mitmproxy/protocol/tls.py
@@ -273,9 +273,9 @@ class TlsClientHello(object):
 def sni(self):
 for extension in self._client_hello.extensions:
 is_valid_sni_extension = (
- extension.type == 0x00
- and len(extension.server_names) == 1
- and extension.server_names[0].type == 0
+ extension.type == 0x00 and
+ len(extension.server_names) == 1 and
+ extension.server_names[0].type == 0
 )
 if is_valid_sni_extension:
 return extension.server_names[0].name
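Review bot: The reflowed `is_valid_sni_extension` condition in `sni` still compares against the bare literals `0x00` and `0`, and nothing on these lines says what they stand for; in the TLS server_name extension (RFC 6066) they are the extension type and the `host_name` name type. A one-line comment above the condition, e.g. `# server_name extension (type 0x00) carrying exactly one host_name entry (name type 0)`, would make the check reviewable. Because the condition also requires exactly one entry, a ClientHello listing several names is apparently treated like one without SNI; the rest of `sni` lies outside the hunk, so that is worth confirming and stating in the same comment.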
@@ -362,17 +362,17 @@ class TlsLayer(Layer):
 # what is supported by the server
 # 2.5 The client did not sent a SNI value, we don't know the certificate subject.
 client_tls_requires_server_connection = (
- self._server_tls
- and not self.config.no_upstream_cert
- and (
- self.config.add_upstream_certs_to_client_chain
- or self._client_hello.alpn_protocols
- or not self._client_hello.sni
+ self._server_tls and
+ not self.config.no_upstream_cert and
+ (
+ self.config.add_upstream_certs_to_client_chain or
+ self._client_hello.alpn_protocols or
+ not self._client_hello.sni
 )
 )
 establish_server_tls_now = (
- (self.server_conn and self._server_tls)
- or client_tls_requires_server_connection
+ (self.server_conn and self._server_tls) or
+ client_tls_requires_server_connection
 )
 if self._client_tls and establish_server_tls_now:
@@ -508,7 +508,9 @@ class TlsLayer(Layer):
 # We only support http/1.1 and h2.
 # If the server only supports spdy (next to http/1.1), it may select that
 # and mitmproxy would enter TCP passthrough mode, which we want to avoid.
- deprecated_http2_variant = lambda x: x.startswith(b"h2-") or x.startswith(b"spdy")
+ def deprecated_http2_variant(x):
+ return x.startswith(b"h2-") or x.startswith(b"spdy")
+
 if self._client_hello.alpn_protocols:
 alpn = [x for x in self._client_hello.alpn_protocols if not deprecated_http2_variant(x)]
 else:
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py
index 5587e111..b08470bd 100644
--- a/mitmproxy/proxy/config.py
+++ b/mitmproxy/proxy/config.py
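Review bot: In the `@@ -508` hunk, `deprecated_http2_variant` is now a nested `def`, but it has no docstring and is still redefined on every call of the enclosing method. `startswith` accepts a tuple of prefixes, so the body can be `return x.startswith((b"h2-", b"spdy"))`. A one-line docstring such as `"""Return True for draft HTTP/2 (h2-*) and SPDY ALPN ids, which are removed from the list built below."""` would record why these values are filtered out of the client's ALPN offer. The enclosing method starts and ends outside the hunk, so whether a module-level helper would fit better cannot be judged from here.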
@@ -17,7 +17,15 @@ CA_DIR = "~/.mitmproxy"
 # We manually need to specify this, otherwise OpenSSL may select a non-HTTP2 cipher by default.
 # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.2.15&openssl=1.0.2&hsts=yes&profile=old
-DEFAULT_CLIENT_CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+DEFAULT_CLIENT_CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:" \
+ "ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:" \
+ "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:" \
+ "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:" \
+ "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:" \
+ "DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:" \
+ "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:" \
+ "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \
+ "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
 class HostMatcher(object):
-- cgit v1.2.3
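Review bot: The split `DEFAULT_CLIENT_CIPHERS` literal depends on backslash continuations and on every fragment ending in `:`. A stray space after a `\` breaks the module, and a dropped colon would fuse two cipher names into one entry that OpenSSL may not recognise. Wrapping the fragments in parentheses (`DEFAULT_CLIENT_CIPHERS = (` … `)`) removes the backslash hazard without changing the value. The comment above links the Mozilla generator with `profile=old`, and the list still admits 3DES suites such as `DES-CBC3-SHA`; a short comment saying that this breadth is a deliberate client-compatibility choice would keep the string from being copied elsewhere as a hardened default.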