author | Lance Stout <lancestout@gmail.com> | 2014-01-13 10:14:10 -0800 |
---|---|---|
committer | Lance Stout <lancestout@gmail.com> | 2014-01-13 10:14:10 -0800 |
commit | 4ae6d44efc6127851e3e7d8f9007d7840de215f5 (patch) | |
tree | 56dc67662f1559c6dd9781777b546bab9ab86aef /sleekxmpp | |
parent | df9ad823360dd7fd8472d05d072bc4529819ddaa (diff) | |
Allow setting custom cipher suites in Py2.7+
Diffstat (limited to 'sleekxmpp')
-rw-r--r-- | sleekxmpp/xmlstream/xmlstream.py | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py index c503cdd2..4d17d08c 100644 --- a/sleekxmpp/xmlstream/xmlstream.py +++ b/sleekxmpp/xmlstream/xmlstream.py @@ -123,6 +123,11 @@ class XMLStream(object): #: xmpp.ssl_version = ssl.PROTOCOL_SSLv23 self.ssl_version = ssl.PROTOCOL_TLSv1 + #: The list of accepted ciphers, in OpenSSL Format. + #: It might be useful to override it for improved security + #: over the python defaults. + self.ciphers = None + #: Path to a file containing certificates for verifying the #: server SSL certificate. A non-``None`` value will trigger #: certificate checking. @@ -508,12 +513,18 @@ class XMLStream(object): else: cert_policy = ssl.CERT_REQUIRED - ssl_socket = ssl.wrap_socket(self.socket, - certfile=self.certfile, - keyfile=self.keyfile, - ca_certs=self.ca_certs, - cert_reqs=cert_policy, - do_handshake_on_connect=False) + ssl_args = { + 'certfile': self.certfile, + 'keyfile': self.keyfile, + 'ca_certs': self.ca_certs, + 'cert_reqs': cert_policy, + 'do_handshake_on_connect': False, + } + + if sys.version_info >= (2, 7): + ssl_args['ciphers'] = self.ciphers + + ssl_socket = ssl.wrap_socket(self.socket, **ssl_args) if hasattr(self.socket, 'socket'): # We are using a testing socket, so preserve the top @@ -826,13 +837,18 @@ class XMLStream(object): else: cert_policy = ssl.CERT_REQUIRED - ssl_socket = ssl.wrap_socket(self.socket, - certfile=self.certfile, - keyfile=self.keyfile, - ssl_version=self.ssl_version, - do_handshake_on_connect=False, - ca_certs=self.ca_certs, - cert_reqs=cert_policy) + ssl_args = { + 'certfile': self.certfile, + 'keyfile': self.keyfile, + 'ca_certs': self.ca_certs, + 'cert_reqs': cert_policy, + 'do_handshake_on_connect': False, + } + + if sys.version_info >= (2, 7): + ssl_args['ciphers'] = self.ciphers + + ssl_socket = ssl.wrap_socket(self.socket, **ssl_args); if hasattr(self.socket, 'socket'): # We are using a testing socket, so preserve the top |
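Review bot: The comment added above `self.ciphers = None` in the hunk at -123 does not say what `None` means or when the value takes effect. Someone restricting cipher suites needs to know that `None` leaves the ssl module's default list in place, and that the later hunks pass the value to `ssl.wrap_socket` only when `sys.version_info >= (2, 7)`. I would extend the comment with `#: None keeps the ssl module's default cipher list; the value is only applied on Python 2.7+ and is ignored on older versions.` The enclosing method starts and ends outside the hunk.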
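Review bot: The gate `if sys.version_info >= (2, 7):` in the hunk at -508 (repeated in the hunk at -826) drops a configured cipher list without notice on older interpreters, so a caller who set a restrictive `self.ciphers` connects with the default suites and cannot tell. The same test is also true on Python 3.0 and 3.1, where `ssl.wrap_socket` has no `ciphers` parameter (it arrived in 3.2), so the call would raise `TypeError` there if those versions are supported. I would add the key only when `self.ciphers is not None`, and log a warning when it is set but the running version cannot honour it. Whether `sys` is imported is not visible from the hunk, and the enclosing method starts and ends outside it.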
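Review bot: The new `ssl_args` dict in the hunk at -826 has no `ssl_version` entry although the removed call passed `ssl_version=self.ssl_version`, so this path now wraps the socket with the ssl module's default protocol instead of the configured one. That default is `PROTOCOL_SSLv23`, which negotiates the highest version both sides support and may allow SSLv3 depending on the OpenSSL build, whereas the first hunk's context shows `self.ssl_version = ssl.PROTOCOL_TLSv1`. Add `'ssl_version': self.ssl_version,` to the dict; the dict in the hunk at -508 lacks the key as well, though the call it replaces did not pass it either. Building the arguments in one shared helper would keep the two call sites from drifting apart, and the trailing `;` after `ssl.wrap_socket(self.socket, **ssl_args)` can go. The enclosing method starts and ends outside the hunk.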