summaryrefslogtreecommitdiff
path: root/sleekxmpp
diff options
context:
space:
mode:
authorLance Stout <lancestout@gmail.com>2014-01-13 10:14:10 -0800
committerLance Stout <lancestout@gmail.com>2014-01-13 10:14:10 -0800
commit4ae6d44efc6127851e3e7d8f9007d7840de215f5 (patch)
tree56dc67662f1559c6dd9781777b546bab9ab86aef /sleekxmpp
parentdf9ad823360dd7fd8472d05d072bc4529819ddaa (diff)
downloadslixmpp-4ae6d44efc6127851e3e7d8f9007d7840de215f5.tar.gz
slixmpp-4ae6d44efc6127851e3e7d8f9007d7840de215f5.tar.bz2
slixmpp-4ae6d44efc6127851e3e7d8f9007d7840de215f5.tar.xz
slixmpp-4ae6d44efc6127851e3e7d8f9007d7840de215f5.zip
Allow setting custom cipher suites in Py2.7+
Diffstat (limited to 'sleekxmpp')
-rw-r--r--sleekxmpp/xmlstream/xmlstream.py42
1 files changed, 29 insertions, 13 deletions
diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py
index c503cdd2..4d17d08c 100644
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@@ -123,6 +123,11 @@ class XMLStream(object):
#: xmpp.ssl_version = ssl.PROTOCOL_SSLv23
self.ssl_version = ssl.PROTOCOL_TLSv1
+ #: The list of accepted ciphers, in OpenSSL Format.
+ #: It might be useful to override it for improved security
+ #: over the python defaults.
+ self.ciphers = None
+
#: Path to a file containing certificates for verifying the
#: server SSL certificate. A non-``None`` value will trigger
#: certificate checking.
@@ -508,12 +513,18 @@ class XMLStream(object):
else:
cert_policy = ssl.CERT_REQUIRED
- ssl_socket = ssl.wrap_socket(self.socket,
- certfile=self.certfile,
- keyfile=self.keyfile,
- ca_certs=self.ca_certs,
- cert_reqs=cert_policy,
- do_handshake_on_connect=False)
+ ssl_args = {
+ 'certfile': self.certfile,
+ 'keyfile': self.keyfile,
+ 'ca_certs': self.ca_certs,
+ 'cert_reqs': cert_policy,
+ 'do_handshake_on_connect': False,
+ }
+
+ if sys.version_info >= (2, 7):
+ ssl_args['ciphers'] = self.ciphers
+
+ ssl_socket = ssl.wrap_socket(self.socket, **ssl_args)
if hasattr(self.socket, 'socket'):
# We are using a testing socket, so preserve the top
@@ -826,13 +837,18 @@ class XMLStream(object):
else:
cert_policy = ssl.CERT_REQUIRED
- ssl_socket = ssl.wrap_socket(self.socket,
- certfile=self.certfile,
- keyfile=self.keyfile,
- ssl_version=self.ssl_version,
- do_handshake_on_connect=False,
- ca_certs=self.ca_certs,
- cert_reqs=cert_policy)
+ ssl_args = {
+ 'certfile': self.certfile,
+ 'keyfile': self.keyfile,
+ 'ca_certs': self.ca_certs,
+ 'cert_reqs': cert_policy,
+ 'do_handshake_on_connect': False,
+ }
+
+ if sys.version_info >= (2, 7):
+ ssl_args['ciphers'] = self.ciphers
+
+ ssl_socket = ssl.wrap_socket(self.socket, **ssl_args);
if hasattr(self.socket, 'socket'):
# We are using a testing socket, so preserve the top