move sslversion mapping to netlib

Maximilian Hils 2015-08-29 12:34:01 +02:00
parent 1cc48345e1
commit 2dfba2105b
2 changed files with 6 additions and 24 deletions


@ -2,7 +2,7 @@ from __future__ import absolute_import
import os
import re
import configargparse
from netlib.tcp import Address
from netlib.tcp import Address, sslversion_choices
import netlib.utils
@ -423,15 +423,15 @@ def proxy_ssl_options(parser):
group.add_argument(
"--ssl-version-client", dest="ssl_version_client",
default="secure", action="store",
choices=config.sslversion_choices.keys(),
help="Set supported SSL/TLS version for client connections. "
choices=sslversion_choices.keys(),
help="Set supported SSL/TLS versions for client connections. "
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
)
group.add_argument(
"--ssl-version-server", dest="ssl_version_server",
default="secure", action="store",
choices=config.sslversion_choices.keys(),
help="Set supported SSL/TLS version for server connections. "
choices=sslversion_choices.keys(),
help="Set supported SSL/TLS versions for server connections. "
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
)
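Review bot: `default="secure"` on both `--ssl-version-client` and `--ssl-version-server` is a string literal that must now match a key of a dictionary owned by another package, and argparse (which configargparse builds on) does not validate a default against `choices`. If netlib's `sslversion_choices` ever lacks that key, the mismatch would presumably surface only when the value is looked up later, not at option parsing. I would add a comment above the first `add_argument`, `# "secure" must stay a key of netlib.tcp.sslversion_choices`, and pass `choices=sorted(sslversion_choices)` so the help output lists the versions in a stable order. `proxy_ssl_options` starts outside this hunk and may continue past it.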


@ -8,7 +8,7 @@ from netlib import certutils, tcp
from netlib.http import authentication
from .. import utils, platform
from netlib.tcp import Address
from netlib.tcp import Address, sslversion_choices
CONF_BASENAME = "mitmproxy"
CA_DIR = "~/.mitmproxy"
@ -98,24 +98,6 @@ class ProxyConfig:
self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca
"""
Map a reasonable SSL version specification into the format OpenSSL expects.
Don't ask...
https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
"""
sslversion_choices = {
"all": (SSL.SSLv23_METHOD, 0),
# SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
# TLSv1_METHOD would be TLS 1.0 only
"secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
"SSLv2": (SSL.SSLv2_METHOD, 0),
"SSLv3": (SSL.SSLv3_METHOD, 0),
"TLSv1": (SSL.TLSv1_METHOD, 0),
"TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
"TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
}
def process_proxy_options(parser, options):
body_size_limit = utils.parse_size(options.body_size_limit)
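Review bot: With the mapping and its comment removed, nothing in this file says what `secure` resolves to any more; the deleted lines documented it as `SSLv23_METHOD` with `OP_NO_SSLv2 | OP_NO_SSLv3`, i.e. TLS 1.0+. Since the command-line help still promises "TLS1.0+", a comment beside the new import such as `# name -> (method, options); "secure" disables SSLv2/SSLv3, see netlib.tcp` would keep that security-relevant default discoverable here. A small test asserting that `sslversion_choices["secure"][1]` still includes both `OP_NO_SSLv2` and `OP_NO_SSLv3` would catch a dependency update that weakens it. netlib's copy of the mapping is not visible in this commit, so I am assuming it matches the removed one; `process_proxy_options` continues outside the hunk.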