Jellyfin/jellyfin-kodi
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-kodi.git synced 2024-11-10 04:06:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Disable TLSv1.0 and TLSv1.1 in websocket lib

Browse source 
These protocols are disabled by default in modern browsers
as of March/April 2020.
This commit is contained in:
Odd Stråbø 2020-04-16 03:37:34 +02:00
parent b546909cce
commit 21643cd95e
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
jellyfin_kodi/jellyfin/websocket.py
View file

@ -139,6 +139,8 @@ def _wrap_sni_socket(sock, sslopt, hostname):
context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS)) context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
context.options |= ssl.OP_NO_SSLv2 # Explicitly disable SSLv2 context.options |= ssl.OP_NO_SSLv2 # Explicitly disable SSLv2
context.options |= ssl.OP_NO_SSLv3 # Explicitly disable SSLv3 context.options |= ssl.OP_NO_SSLv3 # Explicitly disable SSLv3
context.options |= ssl.OP_NO_TLSv1 # Explicitly disable TLSv1.0
context.options |= ssl.OP_NO_TLSv1_1 # Explicitly disable TLSv1.1
if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE: if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
capath = ssl.get_default_verify_paths().capath capath = ssl.get_default_verify_paths().capath