Irc: forcibly disable SSLv2 and SSLv3

2025-11-04 08:57:25 +01:00 · 2016-06-26 10:02:27 -07:00 · 2016-06-26 10:02:27 -07:00 · 0fbf9e165c
commit 0fbf9e165c
parent e966fe7e56
1 changed files with 7 additions and 3 deletions
--- a/classes.py
+++ b/classes.py
@ -199,9 +199,13 @@ class Irc():
                    keyfile = self.serverdata.get('ssl_keyfile')
                    if certfile and keyfile:
                        try:
-                            self.socket = ssl.wrap_socket(self.socket,
-                                                          certfile=certfile,
-                                                          keyfile=keyfile)
+                            context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+                            # Disable SSLv2 and SSLv3 - these are insecure
+                            context.options |= ssl.OP_NO_SSLv2
+                            context.options |= ssl.OP_NO_SSLv3
+                            context.load_cert_chain(certfile, keyfile)
+                            self.socket = context.wrap_socket(self.socket)
+
                        except OSError:
                             log.exception('(%s) Caught OSError trying to '
                                           'initialize the SSL connection; '