mirrors/github.com_openSUSE_osc
1
0
Fork 0
mirror of https://github.com/openSUSE/osc.git synced 2025-01-24 22:06:14 +01:00
Code

don't set SSL_OP_ALL

Browse Source 
SSL_OP_ALL contains SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS which actually
fixes a weakness in SSL.
This commit is contained in:
Ludwig Nussel 2011-09-20 15:32:13 +02:00
parent 4a1cc2cc88
commit 1f8bed8221
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
osc/oscssl.py
View File

@ -154,7 +154,7 @@ class mySSLContext(SSL.Context):
def __init__(self):
SSL.Context.__init__(self, 'sslv23')
self.set_options(m2.SSL_OP_ALL | m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3)
self.set_options(m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3)
self.set_cipher_list("HIGH:!eNULL:!aNULL:!EXPORT:!LOW:!MEDIUM:!FZA:!kRSA:!MD5:!RC4:!SSLv2:@STRENGTH")
self.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
self.verrs = None