move sslversion mapping to netlib

Maximilian Hils 2015-08-29 12:34:01 +02:00
parent 1cc48345e1
commit 2dfba2105b
2 changed files with 6 additions and 24 deletions


@ -2,7 +2,7 @@ from __future__ import absolute_import
import os import os
import re import re
import configargparse import configargparse
from netlib.tcp import Address from netlib.tcp import Address, sslversion_choices
import netlib.utils import netlib.utils
@ -423,15 +423,15 @@ def proxy_ssl_options(parser):
group.add_argument( group.add_argument(
"--ssl-version-client", dest="ssl_version_client", "--ssl-version-client", dest="ssl_version_client",
default="secure", action="store", default="secure", action="store",
choices=config.sslversion_choices.keys(), choices=sslversion_choices.keys(),
help="Set supported SSL/TLS version for client connections. " help="Set supported SSL/TLS versions for client connections. "
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+." "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
) )
group.add_argument( group.add_argument(
"--ssl-version-server", dest="ssl_version_server", "--ssl-version-server", dest="ssl_version_server",
default="secure", action="store", default="secure", action="store",
choices=config.sslversion_choices.keys(), choices=sslversion_choices.keys(),
help="Set supported SSL/TLS version for server connections. " help="Set supported SSL/TLS versions for server connections. "
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+." "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
) )
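Review bot: The help strings for `--ssl-version-client` and `--ssl-version-server` now say "versions", but they still do not say that a named protocol choice pins exactly one version. Going by the comment in the mapping this commit moves ("TLSv1_METHOD would be TLS 1.0 only"), only `secure` and `all` negotiate a range, so a user who passes `TLSv1` expecting TLS 1.0 and later gets TLS 1.0 alone. I would append a sentence such as `"A specific version (e.g. TLSv1_2) allows only that version. "` to both help strings. Separately, `choices=sslversion_choices.keys()` presents the choices in dict order, which is not stable on Python 2 (which the `from __future__` import suggests this file targets); `choices=sorted(sslversion_choices)` would keep the usage and error output deterministic. proxy_ssl_options starts and ends outside the hunk.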


@ -8,7 +8,7 @@ from netlib import certutils, tcp
from netlib.http import authentication from netlib.http import authentication
from .. import utils, platform from .. import utils, platform
from netlib.tcp import Address from netlib.tcp import Address, sslversion_choices
CONF_BASENAME = "mitmproxy" CONF_BASENAME = "mitmproxy"
CA_DIR = "~/.mitmproxy" CA_DIR = "~/.mitmproxy"
@ -98,24 +98,6 @@ class ProxyConfig:
self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca
"""
Map a reasonable SSL version specification into the format OpenSSL expects.
Don't ask...
https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
"""
sslversion_choices = {
"all": (SSL.SSLv23_METHOD, 0),
# SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
# TLSv1_METHOD would be TLS 1.0 only
"secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
"SSLv2": (SSL.SSLv2_METHOD, 0),
"SSLv3": (SSL.SSLv3_METHOD, 0),
"TLSv1": (SSL.TLSv1_METHOD, 0),
"TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
"TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
}
def process_proxy_options(parser, options): def process_proxy_options(parser, options):
body_size_limit = utils.parse_size(options.body_size_limit) body_size_limit = utils.parse_size(options.body_size_limit)
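Review bot: The new `from netlib.tcp import Address, sslversion_choices` makes this module fail at import time against any netlib release that does not yet export `sslversion_choices`, and no dependency-version change is visible among the two changed files. If the netlib requirement is declared elsewhere, it should be raised together with this commit. With the mapping removed from this file, the rationale that sat beside it (the pyOpenSSL bug link and the note that SSLv23_METHOD with OP_NO_SSLv2 | OP_NO_SSLv3 yields TLS 1.0+) is no longer next to the code that interprets `secure`. A short comment at the import, e.g. `# sslversion_choices: option name -> (method, options) for pyOpenSSL, defined in netlib.tcp`, would keep that traceable, assuming the netlib copy keeps the same tuple shape. The `SSL` import may also be unused now, which cannot be confirmed from the visible lines; process_proxy_options continues outside the hunk.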