move sslversion mapping to netlib

2015-08-29 12:30:35 +02:00 · 2015-08-29 12:30:35 +02:00 · 1265945f55
parent 982d8000c4
commit 1265945f55
1 changed files with 17 additions and 0 deletions
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@ -32,6 +32,23 @@ SSL_DEFAULT_OPTIONS = (
 if hasattr(SSL, "OP_NO_COMPRESSION"):
    SSL_DEFAULT_OPTIONS |= SSL.OP_NO_COMPRESSION

+"""
+Map a reasonable SSL version specification into the format OpenSSL expects.
+Don't ask...
+https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
+"""
+sslversion_choices = {
+    "all": (SSL.SSLv23_METHOD, 0),
+    # SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
+    # TLSv1_METHOD would be TLS 1.0 only
+    "secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
+    "SSLv2": (SSL.SSLv2_METHOD, 0),
+    "SSLv3": (SSL.SSLv3_METHOD, 0),
+    "TLSv1": (SSL.TLSv1_METHOD, 0),
+    "TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
+    "TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
+}
+

 class NetLibError(Exception):
    pass