From 0dfea097696cbddadd97d12c8ca2031580dede0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Odd=20Str=C3=A5b=C3=B8?= <oddstr13@openshell.no>
Date: Thu, 16 Apr 2020 01:53:56 +0200
Subject: [PATCH] Disable SSLv2 and SSLv3 support in websocket lib

Requires Python2 >= 2.7.9, Python3 >= 3.6
---
 jellyfin_kodi/jellyfin/websocket.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/jellyfin_kodi/jellyfin/websocket.py b/jellyfin_kodi/jellyfin/websocket.py
index 47bbf05c..fdb8ce00 100644
--- a/jellyfin_kodi/jellyfin/websocket.py
+++ b/jellyfin_kodi/jellyfin/websocket.py
@@ -136,7 +136,9 @@ def getdefaulttimeout():
 
 
 def _wrap_sni_socket(sock, sslopt, hostname):
-    context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_SSLv23))
+    context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
+    context.options |= ssl.OP_NO_SSLv2  # Explicitly disable SSLv2
+    context.options |= ssl.OP_NO_SSLv3  # Explicitly disable SSLv3
 
     if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
         capath = ssl.get_default_verify_paths().capath
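Review bot: `ssl.PROTOCOL_TLS` on the new `ssl.SSLContext(...)` line was, as far as the stdlib documentation goes, only added in Python 2.7.13 and 3.6, so on 2.7.9–2.7.12 (which the commit message lists as supported) `_wrap_sni_socket` would raise AttributeError before any handshake; using `getattr(ssl, 'PROTOCOL_TLS', ssl.PROTOCOL_SSLv23)` as the default keeps the stated floor. The two `OP_NO_*` lines remove SSLv2 and SSLv3, but TLS 1.0 and 1.1 can still be negotiated; if the servers this client talks to allow it, `context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1` would close that as well. The context line below defaults `cert_reqs` to `ssl.CERT_NONE`, so unless the caller opts in the peer certificate is not verified, and protocol hardening alone does not stop an on-path party from impersonating the server. The function body continues past the end of the hunk, so how `context` is used afterwards is not visible here.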
@@ -547,7 +549,7 @@ class WebSocket(object):
 
         # https://tools.ietf.org/html/rfc6455#page-6
         magic_string = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11".encode()
-        value = key +  magic_string
+        value = key + magic_string
         hashed = base64.encodestring(hashlib.sha1(value).digest()).strip().lower().decode()
         return hashed == result