authorJonah BrĂ¼chert <jbb@kaidan.im>2024-04-20 01:12:49 +0200
committerJonah BrĂ¼chert <jbb@kaidan.im>2024-04-20 01:12:49 +0200
commit1c42611d170bae5c8bb3ce47389b9039204de654 (patch)
tree13456426a0c5c04412a3757d29fcff0ac0e9e4dd
parent71c7a6b5836043e9476e98a61aa5dd907e0d4ce4 (diff)
downloadbcfg2-1c42611d170bae5c8bb3ce47389b9039204de654.tar.gz
bcfg2-1c42611d170bae5c8bb3ce47389b9039204de654.tar.bz2
bcfg2-1c42611d170bae5c8bb3ce47389b9039204de654.zip
Default to using the highest available TLS version
-rw-r--r--src/lib/Bcfg2/Client/Proxy.py4
-rw-r--r--src/lib/Bcfg2/Options/Common.py4
-rw-r--r--src/lib/Bcfg2/Server/SSLServer.py10
3 files changed, 9 insertions, 9 deletions
diff --git a/src/lib/Bcfg2/Client/Proxy.py b/src/lib/Bcfg2/Client/Proxy.py
index dd841dd08..5b5ef9da6 100644
--- a/src/lib/Bcfg2/Client/Proxy.py
+++ b/src/lib/Bcfg2/Client/Proxy.py
@@ -202,9 +202,7 @@ class SSLHTTPConnection(httplib.HTTPConnection):
elif self.protocol == 'xmlrpc/tlsv1':
ssl_protocol_ver = ssl.PROTOCOL_TLSv1
elif self.protocol == 'xmlrpc/tls':
- if has_py310:
- ssl_protocol_ver = ssl.PROTOCOL_TLS_SERVER
- elif has_py36:
+ if has_py36:
ssl_protocol_ver = ssl.PROTOCOL_TLS
elif has_py34:
ssl_protocol_ver = ssl.PROTOCOL_TLSv1_2
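Review bot: The `xmlrpc/tls` branch now selects `ssl.PROTOCOL_TLS`, which negotiates the highest version both peers offer but sets no floor, so the lowest version accepted is left to the linked OpenSSL build and its system policy. The same holds for `ssl.PROTOCOL_TLS_SERVER` in the SSLServer.py hunk. If the code that consumes `ssl_protocol_ver` (outside this hunk) builds an `ssl.SSLContext`, pin the floor there with `ctx.minimum_version = ssl.TLSVersion.TLSv1_2` on Python 3.7+. `ssl.PROTOCOL_TLS` is also deprecated since Python 3.10 in favour of `ssl.PROTOCOL_TLS_CLIENT`, which turns on `check_hostname` and `CERT_REQUIRED` by default, so a comment such as `# PROTOCOL_TLS kept deliberately: PROTOCOL_TLS_CLIENT would change verification defaults` would explain the choice. The if/elif chain starts and continues outside the hunk.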
diff --git a/src/lib/Bcfg2/Options/Common.py b/src/lib/Bcfg2/Options/Common.py
index 620a7604c..8323342aa 100644
--- a/src/lib/Bcfg2/Options/Common.py
+++ b/src/lib/Bcfg2/Options/Common.py
@@ -113,8 +113,8 @@ class Common(object):
#: Communication protocol
protocol = Option(
- cf=('communication', 'protocol'), default='xmlrpc/tlsv1',
- choices=['xmlrpc/ssl', 'xmlrpc/tlsv1'],
+ cf=('communication', 'protocol'), default='xmlrpc/tls',
+ choices=['xmlrpc/ssl', 'xmlrpc/tlsv1', 'xmlrpc/tls'],
help='Communication protocol to use.')
#: Default Path paranoid setting
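Review bot: The help string `'Communication protocol to use.'` no longer tells an operator enough now that the default has changed and there are three choices with very different security properties. Going by the mappings in the other two files, `xmlrpc/tlsv1` pins TLS 1.0 and `xmlrpc/tls` negotiates; the help text should say so, for example `help='Communication protocol to use. xmlrpc/tls negotiates the highest TLS version both peers support; xmlrpc/tlsv1 pins TLS 1.0 and is for legacy peers only.'`. A `#:` comment noting that the default moved from `xmlrpc/tlsv1` to `xmlrpc/tls` would also help sites running mixed client and server versions.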
diff --git a/src/lib/Bcfg2/Server/SSLServer.py b/src/lib/Bcfg2/Server/SSLServer.py
index f0e8696cf..e4a6c8da8 100644
--- a/src/lib/Bcfg2/Server/SSLServer.py
+++ b/src/lib/Bcfg2/Server/SSLServer.py
@@ -74,7 +74,7 @@ class SSLServer(SocketServer.TCPServer, object):
def __init__(self, listen_all, server_address, RequestHandlerClass,
keyfile=None, certfile=None, reqCert=False, ca=None,
- timeout=None, protocol='xmlrpc/tlsv1'):
+ timeout=None, protocol='xmlrpc/tls'):
"""
:param listen_all: Listen on all interfaces
:type listen_all: bool
@@ -90,7 +90,7 @@ class SSLServer(SocketServer.TCPServer, object):
:type ca: string
:param timeout: Timeout for non-blocking request handling
:param protocol: The protocol to serve. Supported values are
- ``xmlrpc/ssl`` and ``xmlrpc/tlsv1``.
+ ``xmlrpc/ssl``, ``xmlrpc/tlsv1`` and ``xmlrpc/tls``.
:type protocol: string
"""
# check whether or not we should listen on all interfaces
@@ -151,6 +151,8 @@ class SSLServer(SocketServer.TCPServer, object):
self.ssl_protocol = ssl.PROTOCOL_SSLv23
elif protocol == 'xmlrpc/tlsv1':
self.ssl_protocol = ssl.PROTOCOL_TLSv1
+ elif protocol == 'xmlrpc/tls':
+ self.ssl_protocol = ssl.PROTOCOL_TLS_SERVER
else:
self.logger.error("Unknown protocol %s" % (protocol))
raise Exception("unknown protocol %s" % protocol)
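Review bot: The new `xmlrpc/tls` branch reads `ssl.PROTOCOL_TLS_SERVER` unconditionally, while the client hunk in Proxy.py keeps `has_py36`/`has_py34` fallbacks for the same protocol name. That constant was added in Python 3.6, so on an older interpreter the now-default protocol would raise `AttributeError` at this line instead of reaching the `Unknown protocol` error path. Whether the server still targets such interpreters is not visible here; if it does, mirror the client with `self.ssl_protocol = getattr(ssl, 'PROTOCOL_TLS_SERVER', ssl.PROTOCOL_TLSv1_2)`. The if/elif chain begins outside the hunk.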
@@ -335,8 +337,8 @@ class XMLRPCServer(SocketServer.ThreadingMixIn, SSLServer,
""" Component XMLRPCServer. """
def __init__(self, listen_all, server_address, RequestHandlerClass=None,
- keyfile=None, certfile=None, ca=None, protocol='xmlrpc/tlsv1',
- timeout=10, logRequests=False,
+ keyfile=None, certfile=None, ca=None,
+ protocol='xmlrpc/tls', timeout=10, logRequests=False,
register=True, allow_none=True, encoding=None):
"""
:param listen_all: Listen on all interfaces