A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from http://mail.python.org/pipermail/python-dev/2009-September/091636.html below:

[Python-Dev] Controlling the cipher list for SSL connections

[Python-Dev] Controlling the cipher list for SSL connectionsChris Frantz frantzcj at gmail.com
Mon Sep 7 18:09:36 CEST 2009 
Greetings,

I would like to be able to set the cipher list when creating an SSL
connection.  It appears that the current SSL module doesn't provide
this functionality.

The attached patch (against trunk) adds this ability to SSLSocket.

Thank you,
--Chris

PS: Please reply directly to me, as I'm not subscribed to this list.

Index: Python-2.7/Lib/ssl.py
===================================================================
--- Python-2.7/Lib/ssl.py    (revision 74703)
+++ Python-2.7/Lib/ssl.py    (working copy)
@@ -88,7 +88,7 @@
                  server_side=False, cert_reqs=CERT_NONE,
                  ssl_version=PROTOCOL_SSLv23, ca_certs=None,
                  do_handshake_on_connect=True,
-                 suppress_ragged_eofs=True):
+                 suppress_ragged_eofs=True, cipher_list=None):
         socket.__init__(self, _sock=sock._sock)
         # the initializer for socket trashes the methods (tsk, tsk), so...
         self.send = lambda data, flags=0: SSLSocket.send(self, data, flags)
@@ -110,7 +110,8 @@
             # yes, create the SSL object
             self._sslobj = _ssl.sslwrap(self._sock, server_side,
                                         keyfile, certfile,
-                                        cert_reqs, ssl_version, ca_certs)
+                                        cert_reqs, ssl_version,
+                                        ca_certs, cipher_list)
             if do_handshake_on_connect:
                 timeout = self.gettimeout()
                 try:
Index: Python-2.7/Modules/_ssl.c
===================================================================
--- Python-2.7/Modules/_ssl.c    (revision 74703)
+++ Python-2.7/Modules/_ssl.c    (working copy)
@@ -261,7 +261,8 @@
            enum py_ssl_server_or_client socket_type,
            enum py_ssl_cert_requirements certreq,
            enum py_ssl_version proto_version,
-           char *cacerts_file)
+           char *cacerts_file,
+           char *cipher_list)
 {
     PySSLObject *self;
     char *errstr = NULL;
@@ -366,6 +367,9 @@
     SSL_CTX_set_verify(self->ctx, verification_mode,
                NULL); /* set verify lvl */

+    if (cipher_list)
+        SSL_CTX_set_cipher_list(self->ctx, cipher_list);
+
     PySSL_BEGIN_ALLOW_THREADS
     self->ssl = SSL_new(self->ctx); /* New ssl struct */
     PySSL_END_ALLOW_THREADS
@@ -407,14 +411,17 @@
     char *key_file = NULL;
     char *cert_file = NULL;
     char *cacerts_file = NULL;
+    char *cipher_list = NULL;

-    if (!PyArg_ParseTuple(args, "O!i|zziiz:sslwrap",
+
+    if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
                   PySocketModule.Sock_Type,
                   &Sock,
                   &server_side,
                   &key_file, &cert_file,
                   &verification_mode, &protocol,
-                  &cacerts_file))
+                  &cacerts_file,
+                  &cipher_list))
         return NULL;

     /*
@@ -427,12 +434,12 @@

     return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
                        server_side, verification_mode,
-                       protocol, cacerts_file);
+                       protocol, cacerts_file, cipher_list);
 }

 PyDoc_STRVAR(ssl_doc,
 "sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
-"                              cacertsfile]) -> sslobject");
+"                              cacertsfile, cipherlist]) -> sslobject");

 /* SSL object methods */
More information about the Python-Dev mailing list

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4