Disable SSLv2 and SSLv3 support in websocket lib

Requires Python2 >= 2.7.9, Python3 >= 3.6
Odd Stråbø 2020-04-16 01:53:56 +02:00
parent cf29767406
commit 0dfea09769


@ -136,7 +136,9 @@ def getdefaulttimeout():
def _wrap_sni_socket(sock, sslopt, hostname): def _wrap_sni_socket(sock, sslopt, hostname):
context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_SSLv23)) context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
context.options |= ssl.OP_NO_SSLv2 # Explicitly disable SSLv2
context.options |= ssl.OP_NO_SSLv3 # Explicitly disable SSLv3
if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE: if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
capath = ssl.get_default_verify_paths().capath capath = ssl.get_default_verify_paths().capath