Merge pull request #19 from rouli/ciphersuites
adding cipher list selection option to BaseHandler
commit
98a580cf69
|
@ -267,7 +267,7 @@ class BaseHandler:
|
||||||
|
|
||||||
self.clientcert = None
|
self.clientcert = None
|
||||||
|
|
||||||
def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None, handle_sni=None, request_client_cert=False):
|
def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None, handle_sni=None, request_client_cert=False, cipher_list=None):
|
||||||
"""
|
"""
|
||||||
cert: A certutils.SSLCert object.
|
cert: A certutils.SSLCert object.
|
||||||
method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
|
method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD
|
||||||
|
@ -295,6 +295,8 @@ class BaseHandler:
|
||||||
ctx = SSL.Context(method)
|
ctx = SSL.Context(method)
|
||||||
if not options is None:
|
if not options is None:
|
||||||
ctx.set_options(options)
|
ctx.set_options(options)
|
||||||
|
if cipher_list:
|
||||||
|
ctx.set_cipher_list(cipher_list)
|
||||||
if handle_sni:
|
if handle_sni:
|
||||||
# SNI callback happens during do_handshake()
|
# SNI callback happens during do_handshake()
|
||||||
ctx.set_tlsext_servername_callback(handle_sni)
|
ctx.set_tlsext_servername_callback(handle_sni)
|
||||||
|
|
|
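Review bot: The new `cipher_list` parameter of `convert_to_ssl` is not documented: neither hunk adds a docstring entry, and the visible part of the docstring still describes only `cert` and `method`. I would add a line such as `cipher_list: An OpenSSL cipher string passed to ctx.set_cipher_list(); None keeps the library default.` The `if cipher_list:` guard also treats an empty string like `None`, so a caller whose configured list ends up empty silently gets the default suites instead of the restriction it asked for. Changing it to `if cipher_list is not None:` would presumably let `set_cipher_list` reject an empty or invalid string instead of skipping it. The docstring and the function body continue outside these hunks, so error handling around the context setup cannot be judged from here.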
@ -66,7 +66,8 @@ class TServer(tcp.TCPServer):
|
||||||
method = method,
|
method = method,
|
||||||
options = options,
|
options = options,
|
||||||
handle_sni = getattr(h, "handle_sni", None),
|
handle_sni = getattr(h, "handle_sni", None),
|
||||||
request_client_cert = self.ssl["request_client_cert"]
|
request_client_cert = self.ssl["request_client_cert"],
|
||||||
|
cipher_list = self.ssl.get("cipher_list", None)
|
||||||
)
|
)
|
||||||
h.handle()
|
h.handle()
|
||||||
h.finish()
|
h.finish()
|
||||||
|
|
|
@ -34,6 +34,15 @@ class CertHandler(tcp.BaseHandler):
|
||||||
self.wfile.flush()
|
self.wfile.flush()
|
||||||
|
|
||||||
|
|
||||||
|
class ClientCipherListHandler(tcp.BaseHandler):
|
||||||
|
sni = None
|
||||||
|
|
||||||
|
def handle(self):
|
||||||
|
print self.connection.get_cipher_list()
|
||||||
|
self.wfile.write("%s"%self.connection.get_cipher_list())
|
||||||
|
self.wfile.flush()
|
||||||
|
|
||||||
|
|
||||||
class DisconnectHandler(tcp.BaseHandler):
|
class DisconnectHandler(tcp.BaseHandler):
|
||||||
def handle(self):
|
def handle(self):
|
||||||
self.close()
|
self.close()
|
||||||
|
@ -180,6 +189,22 @@ class TestSNI(test.ServerTestBase):
|
||||||
assert c.rfile.readline() == "foo.com"
|
assert c.rfile.readline() == "foo.com"
|
||||||
|
|
||||||
|
|
||||||
|
class TestClientCipherList(test.ServerTestBase):
|
||||||
|
handler = ClientCipherListHandler
|
||||||
|
ssl = dict(
|
||||||
|
cert = tutils.test_data.path("data/server.crt"),
|
||||||
|
key = tutils.test_data.path("data/server.key"),
|
||||||
|
request_client_cert = False,
|
||||||
|
v3_only = False,
|
||||||
|
cipher_list = 'RC4-SHA'
|
||||||
|
)
|
||||||
|
def test_echo(self):
|
||||||
|
c = tcp.TCPClient("127.0.0.1", self.port)
|
||||||
|
c.connect()
|
||||||
|
c.convert_to_ssl(sni="foo.com")
|
||||||
|
assert c.rfile.readline() == "['RC4-SHA']"
|
||||||
|
|
||||||
|
|
||||||
class TestSSLDisconnect(test.ServerTestBase):
|
class TestSSLDisconnect(test.ServerTestBase):
|
||||||
handler = DisconnectHandler
|
handler = DisconnectHandler
|
||||||
ssl = dict(
|
ssl = dict(
|
||||||
|
|
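Review bot: `TestClientCipherList` pins `cipher_list = 'RC4-SHA'`, a suite that RFC 7465 prohibits and that hardened OpenSSL builds often disable, so the test is likely to fail on such systems for reasons unrelated to the option under test. I would choose a suite the supported builds are expected to carry and keep the assertion in step, for example `cipher_list = 'AES256-SHA'` with `assert c.rfile.readline() == "['AES256-SHA']"`. The test only reads back the list configured on the server-side connection via `get_cipher_list()`; it does not check which suite was actually negotiated, which is worth a short comment on the test. In `ClientCipherListHandler.handle`, the `print self.connection.get_cipher_list()` line looks like leftover debugging output and could be dropped. The method name `test_echo` could also become something descriptive such as `test_cipher_list`.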