Rooba
/
mitmproxy
mirror of https://github.com/mitmproxy/mitmproxy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only set OP_NO_COMPRESSION by default if it exists in our version of OpenSSL 

We'll need to start testing under both new and old versions of OpenSSL
somehow to catch these...
This commit is contained in:
Aldo Cortesi 2015-06-18 12:18:22 +12:00
parent 4152b14387
commit 6e301f37d0
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
netlib/tcp.py
View File

@ -22,6 +22,17 @@ TLSv1_METHOD = SSL.TLSv1_METHOD
TLSv1_1_METHOD = SSL.TLSv1_1_METHOD TLSv1_1_METHOD = SSL.TLSv1_1_METHOD
TLSv1_2_METHOD = SSL.TLSv1_2_METHOD TLSv1_2_METHOD = SSL.TLSv1_2_METHOD
SSL_DEFAULT_OPTIONS = (
SSL.OP_NO_SSLv2 |
SSL.OP_NO_SSLv3 |
SSL.OP_CIPHER_SERVER_PREFERENCE
)
if hasattr(SSL, "OP_NO_COMPRESSION"):
SSL_DEFAULT_OPTIONS |= SSL.OP_NO_COMPRESSION
class NetLibError(Exception): class NetLibError(Exception):
pass pass
@ -365,7 +376,7 @@ class _Connection(object):
def _create_ssl_context(self, def _create_ssl_context(self,
method=SSLv23_METHOD, method=SSLv23_METHOD,
options=(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_COMPRESSION), options=SSL_DEFAULT_OPTIONS,
verify_options=SSL.VERIFY_NONE, verify_options=SSL.VERIFY_NONE,
ca_path=None, ca_path=None,
ca_pemfile=None, ca_pemfile=None,