author | Maximilian Hils <git@maximilianhils.com> | 2015-08-29 12:30:54 +0200 |
committer | Maximilian Hils <git@maximilianhils.com> | 2015-08-29 12:30:54 +0200 |
commit | 08b630f83ad112bcbd40911d8ef6036d0d00ef45 (patch) | |
tree | 012d3afc26bd4019762a30db07364aa8da9969cf | |
parent | dd317aa5d20b3c5205a93a6cd977e8bed0154418 (diff) | |
better sslversion handling
-rw-r--r-- | libpathod/pathoc.py | 4 | ||||
-rw-r--r-- | libpathod/pathoc_cmdline.py | 12 | ||||
-rw-r--r-- | libpathod/pathod.py | 4 | ||||
-rw-r--r-- | libpathod/pathod_cmdline.py | 12 | ||||
-rw-r--r-- | libpathod/protocols/http.py | 1 |
5 files changed, 19 insertions, 14 deletions
diff --git a/libpathod/pathoc.py b/libpathod/pathoc.py
index 62c9669b..ac0b0e4d 100644
--- a/libpathod/pathoc.py
+++ b/libpathod/pathoc.py
@@ -140,6 +140,7 @@ class Pathoc(tcp.TCPClient):
 ssl=None,
 sni=None,
 ssl_version=tcp.SSL_DEFAULT_METHOD,
+ ssl_options=tcp.SSL_DEFAULT_OPTIONS,
 clientcert=None,
 ciphers=None,
@@ -179,6 +180,7 @@ class Pathoc(tcp.TCPClient):
 self.ssl, self.sni = ssl, sni
 self.clientcert = clientcert
 self.ssl_version = ssl_version
+ self.ssl_options = ssl_options
 self.ciphers = ciphers
 self.sslinfo = None
@@ -294,6 +296,7 @@ class Pathoc(tcp.TCPClient):
 sni=self.sni,
 cert=self.clientcert,
 method=self.ssl_version,
+ options=self.ssl_options,
 cipher_list=self.ciphers,
 alpn_protos=alpn_protos
 )
@@ -473,6 +476,7 @@ def main(args): # pragma: nocover
 ssl=args.ssl,
 sni=args.sni,
 ssl_version=args.ssl_version,
+ ssl_options=args.ssl_options,
 clientcert=args.clientcert,
 ciphers=args.ciphers,
 use_http2=args.use_http2,
diff --git a/libpathod/pathoc_cmdline.py b/libpathod/pathoc_cmdline.py
index 58963265..bf827a9a 100644
--- a/libpathod/pathoc_cmdline.py
+++ b/libpathod/pathoc_cmdline.py
@@ -109,12 +109,10 @@ def args_pathoc(argv, stdout=sys.stdout, stderr=sys.stderr):
 help="SSL cipher specification"
 )
 group.add_argument(
- "--ssl-version", dest="ssl_version", type=str, default=tcp.SSL_DEFAULT_VERSION,
- choices=tcp.SSL_VERSIONS.keys(),
- help=""""
- Use a specified protocol:
- TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23.
- Default to SSLv23."""
+ "--ssl-version", dest="ssl_version", type=str, default="secure",
+ choices=tcp.sslversion_choices.keys(),
+ help="Set supported SSL/TLS versions. "
+ "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
 )
 group = parser.add_argument_group(
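Review bot: `ssl_version` and `ssl_options` are accepted as two independent keyword arguments on `Pathoc.__init__` (first hunk), yet the only producer in this commit is the cmdline code, which always unpacks them together from one `tcp.sslversion_choices` entry; a programmatic caller can pass the method of one choice with the option flags of another (or the defaults) and may end up with a weaker protocol floor than the name suggests. A comment making the coupling explicit would help, e.g. `# ssl_version and ssl_options belong together (see tcp.sslversion_choices); options presumably carries the OP_NO_* flags that enforce the chosen floor`. The same pair is introduced on `SSLOptions.__init__` in libpathod/pathod.py and deserves the same note. The constructor body continues outside the hunk.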
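Review bot: The new help string for `--ssl-version` hard-codes the choice names (`SSLv2, SSLv3 and 'all' are INSECURE`) while the accepted values are taken from `tcp.sslversion_choices.keys()`, so the text and the actual key set can drift apart when netlib adds or renames an entry. At minimum a `# keep this help text in sync with tcp.sslversion_choices` comment above the argument would flag the dependency; deriving the insecure list from the dict would remove it. The whole argument definition, and the `args.ssl_version, args.ssl_options = tcp.sslversion_choices[...]` unpacking in the next hunk, are duplicated verbatim in libpathod/pathod_cmdline.py; a shared helper would give both tools one place to change. `args_pathoc` continues outside the hunk.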
@@ -163,7 +161,7 @@ def args_pathoc(argv, stdout=sys.stdout, stderr=sys.stderr):
 args = parser.parse_args(argv[1:])
- args.ssl_version = tcp.SSL_VERSIONS[args.ssl_version]
+ args.ssl_version, args.ssl_options = tcp.sslversion_choices[args.ssl_version]
 args.port = None
 if ":" in args.host:
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index 5c813cc5..bce0b66f 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -38,6 +38,7 @@ class SSLOptions(object):
 not_after_connect=None,
 request_client_cert=False,
 ssl_version=tcp.SSL_DEFAULT_METHOD,
+ ssl_options=tcp.SSL_DEFAULT_OPTIONS,
 ciphers=None,
 certs=None,
 alpn_select=http2.HTTP2Protocol.ALPN_PROTO_H2,
@@ -48,6 +49,7 @@ class SSLOptions(object):
 self.not_after_connect = not_after_connect
 self.request_client_cert = request_client_cert
 self.ssl_version = ssl_version
+ self.ssl_options = ssl_options
 self.ciphers = ciphers
 self.alpn_select = alpn_select
 self.certstore = certutils.CertStore.from_store(
@@ -243,6 +245,7 @@ class PathodHandler(tcp.BaseHandler):
 request_client_cert=self.server.ssloptions.request_client_cert,
 cipher_list=self.server.ssloptions.ciphers,
 method=self.server.ssloptions.ssl_version,
+ options=self.server.ssloptions.ssl_options,
 alpn_select=self.server.ssloptions.alpn_select,
 )
 except tcp.NetLibError as v:
@@ -435,6 +438,7 @@ def main(args): # pragma: nocover
 not_after_connect=args.ssl_not_after_connect,
 ciphers=args.ciphers,
 ssl_version=args.ssl_version,
+ ssl_options=args.ssl_options,
 certs=args.ssl_certs,
 sans=args.sans,
 )
diff --git a/libpathod/pathod_cmdline.py b/libpathod/pathod_cmdline.py
index f1855e23..c9272249 100644
--- a/libpathod/pathod_cmdline.py
+++ b/libpathod/pathod_cmdline.py
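Review bot: The server-side `convert_to_ssl` argument list in `PathodHandler` (the `@@ -243` hunk) is now maintained in two places — here and in the identical call in `HTTPProtocol` (libpathod/protocols/http.py, last hunk); the new `options=self.server.ssloptions.ssl_options` line had to be added to both, and the next setting will be easy to miss in one of them. Collecting the kwargs once on `SSLOptions`, say a method returning the dict so both call sites become `convert_to_ssl(**self.server.ssloptions.ssl_kwargs())`, would leave a single place where the TLS configuration is assembled. The enclosing try block starts outside the hunk.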
@@ -139,12 +139,10 @@ def args_pathod(argv, stdout_=sys.stdout, stderr_=sys.stderr):
 """
 )
 group.add_argument(
- "--ssl-version", dest="ssl_version", type=str, default=tcp.SSL_DEFAULT_VERSION,
- choices=tcp.SSL_VERSIONS.keys(),
- help=""""
- Use a specified protocol:
- TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23.
- Default to SSLv23."""
+ "--ssl-version", dest="ssl_version", type=str, default="secure",
+ choices=tcp.sslversion_choices.keys(),
+ help="Set supported SSL/TLS versions. "
+ "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
 )
 group = parser.add_argument_group(
@@ -182,7 +180,7 @@ def args_pathod(argv, stdout_=sys.stdout, stderr_=sys.stderr):
 args = parser.parse_args(argv[1:])
- args.ssl_version = tcp.SSL_VERSIONS[args.ssl_version]
+ args.ssl_version, args.ssl_options = tcp.sslversion_choices[args.ssl_version]
 certs = []
 for i in args.ssl_certs:
diff --git a/libpathod/protocols/http.py b/libpathod/protocols/http.py
index ca2b28b4..0539b68d 100644
--- a/libpathod/protocols/http.py
+++ b/libpathod/protocols/http.py
@@ -60,6 +60,7 @@ class HTTPProtocol:
 request_client_cert=self.pathod_handler.server.ssloptions.request_client_cert,
 cipher_list=self.pathod_handler.server.ssloptions.ciphers,
 method=self.pathod_handler.server.ssloptions.ssl_version,
+ options=self.pathod_handler.server.ssloptions.ssl_options,
 alpn_select=self.pathod_handler.server.ssloptions.alpn_select,
 )
 except tcp.NetLibError as v: |