3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-01 01:09:22 +01:00

Irc: forcibly disable SSLv2 and SSLv3

This commit is contained in:
James Lu 2016-06-26 10:02:27 -07:00
parent e966fe7e56
commit 0fbf9e165c

View File

@ -199,9 +199,13 @@ class Irc():
keyfile = self.serverdata.get('ssl_keyfile') keyfile = self.serverdata.get('ssl_keyfile')
if certfile and keyfile: if certfile and keyfile:
try: try:
self.socket = ssl.wrap_socket(self.socket, context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
certfile=certfile, # Disable SSLv2 and SSLv3 - these are insecure
keyfile=keyfile) context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.load_cert_chain(certfile, keyfile)
self.socket = context.wrap_socket(self.socket)
except OSError: except OSError:
log.exception('(%s) Caught OSError trying to ' log.exception('(%s) Caught OSError trying to '
'initialize the SSL connection; ' 'initialize the SSL connection; '