author | Aldo Cortesi <aldo@nullcube.com> | 2015-06-18 12:18:22 +1200 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2015-06-18 12:18:22 +1200 |
commit | 6e301f37d0597d86008c440f62526f906f0ae9f4 (patch) | |
tree | d02d1bea1b60da51efacc9061f5d569db5f50be9 /netlib/tcp.py | |
parent | 4152b14387e1fd59f388f695ac468be2a888caa2 (diff) | |
Only set OP_NO_COMPRESSION by default if it exists in our version of OpenSSL
We'll need to start testing under both new and old versions of OpenSSL
somehow to catch these...
Diffstat (limited to 'netlib/tcp.py')
-rw-r--r-- | netlib/tcp.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index a1d1fe62..52ebc3c0 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -22,6 +22,17 @@ TLSv1_METHOD = SSL.TLSv1_METHOD
 TLSv1_1_METHOD = SSL.TLSv1_1_METHOD
 TLSv1_2_METHOD = SSL.TLSv1_2_METHOD
+
+SSL_DEFAULT_OPTIONS = (
+ SSL.OP_NO_SSLv2 |
+ SSL.OP_NO_SSLv3 |
+ SSL.OP_CIPHER_SERVER_PREFERENCE
+)
+
+if hasattr(SSL, "OP_NO_COMPRESSION"):
+ SSL_DEFAULT_OPTIONS |= SSL.OP_NO_COMPRESSION
+
+
 class NetLibError(Exception):
 pass
@@ -365,7 +376,7 @@ class _Connection(object):
 def _create_ssl_context(self,
 method=SSLv23_METHOD,
- options=(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_COMPRESSION),
+ options=SSL_DEFAULT_OPTIONS,
 verify_options=SSL.VERIFY_NONE,
 ca_path=None,
 ca_pemfile=None, |
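Review bot: When `SSL` has no `OP_NO_COMPRESSION`, the module-level `hasattr` guard is skipped silently, so every context built from `SSL_DEFAULT_OPTIONS` keeps TLS compression enabled, the precondition for CRIME-style compression side channels, and nothing tells the operator. I would put a comment above the guard, `# OP_NO_COMPRESSION is missing on older OpenSSL builds; TLS compression then stays enabled.`, so the weaker default is a documented decision. An `else:` branch with `warnings.warn("OpenSSL lacks OP_NO_COMPRESSION; TLS compression stays enabled")` would also surface it at import time; that needs `import warnings` if the module does not already have it, which the hunk does not show.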
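Review bot: A caller of `_create_ssl_context` that passes its own `options` presumably replaces the whole mask rather than extending it, which would drop `OP_NO_SSLv2`, `OP_NO_SSLv3` and the compression flag. The function body lies outside the hunk, so this is inferred from the signature alone. Now that the mask has a name, I would say so in the docstring, for example `options: OpenSSL option bitmask; OR extra flags with SSL_DEFAULT_OPTIONS to keep the protocol and compression hardening.`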