mirror of
https://github.com/jellyfin/jellyfin-kodi.git
synced 2024-12-26 02:36:10 +00:00
Disable TLSv1.0 and TLSv1.1 in websocket lib
These protocols are disabled by default in modern browsers as of March/April 2020.
This commit is contained in:
parent
b546909cce
commit
21643cd95e
1 changed files with 2 additions and 0 deletions
|
@ -139,6 +139,8 @@ def _wrap_sni_socket(sock, sslopt, hostname):
|
||||||
context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
|
context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
|
||||||
context.options |= ssl.OP_NO_SSLv2 # Explicitly disable SSLv2
|
context.options |= ssl.OP_NO_SSLv2 # Explicitly disable SSLv2
|
||||||
context.options |= ssl.OP_NO_SSLv3 # Explicitly disable SSLv3
|
context.options |= ssl.OP_NO_SSLv3 # Explicitly disable SSLv3
|
||||||
|
context.options |= ssl.OP_NO_TLSv1 # Explicitly disable TLSv1.0
|
||||||
|
context.options |= ssl.OP_NO_TLSv1_1 # Explicitly disable TLSv1.1
|
||||||
|
|
||||||
if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
|
if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
|
||||||
capath = ssl.get_default_verify_paths().capath
|
capath = ssl.get_default_verify_paths().capath
|
||||||
|
|
Loading…
Reference in a new issue