From 1c42611d170bae5c8bb3ce47389b9039204de654 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonah=20Br=C3=BCchert?=
Date: Sat, 20 Apr 2024 01:12:49 +0200
Subject: Default to using the highest available TLS version

---
 src/lib/Bcfg2/Client/Proxy.py | 4 +---
 src/lib/Bcfg2/Options/Common.py | 4 ++--
 src/lib/Bcfg2/Server/SSLServer.py | 10 ++++++----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/lib/Bcfg2/Client/Proxy.py b/src/lib/Bcfg2/Client/Proxy.py
index dd841dd08..5b5ef9da6 100644
--- a/src/lib/Bcfg2/Client/Proxy.py
+++ b/src/lib/Bcfg2/Client/Proxy.py
@@ -202,9 +202,7 @@ class SSLHTTPConnection(httplib.HTTPConnection):
 elif self.protocol == 'xmlrpc/tlsv1':
 ssl_protocol_ver = ssl.PROTOCOL_TLSv1
 elif self.protocol == 'xmlrpc/tls':
- if has_py310:
- ssl_protocol_ver = ssl.PROTOCOL_TLS_SERVER
- elif has_py36:
+ if has_py36:
 ssl_protocol_ver = ssl.PROTOCOL_TLS
 elif has_py34:
 ssl_protocol_ver = ssl.PROTOCOL_TLSv1_2
diff --git a/src/lib/Bcfg2/Options/Common.py b/src/lib/Bcfg2/Options/Common.py
index 620a7604c..8323342aa 100644
--- a/src/lib/Bcfg2/Options/Common.py
+++ b/src/lib/Bcfg2/Options/Common.py
@@ -113,8 +113,8 @@ class Common(object):

 #: Communication protocol
 protocol = Option(
- cf=('communication', 'protocol'), default='xmlrpc/tlsv1',
- choices=['xmlrpc/ssl', 'xmlrpc/tlsv1'],
+ cf=('communication', 'protocol'), default='xmlrpc/tls',
+ choices=['xmlrpc/ssl', 'xmlrpc/tlsv1', 'xmlrpc/tls'],
 help='Communication protocol to use.')

 #: Default Path paranoid setting
diff --git a/src/lib/Bcfg2/Server/SSLServer.py b/src/lib/Bcfg2/Server/SSLServer.py
index f0e8696cf..e4a6c8da8 100644
--- a/src/lib/Bcfg2/Server/SSLServer.py
+++ b/src/lib/Bcfg2/Server/SSLServer.py
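Review bot: In the `xmlrpc/tls` branch of the src/lib/Bcfg2/Client/Proxy.py hunk, the `has_py36` case now selects `ssl.PROTOCOL_TLS`, which negotiates the highest version both peers offer but sets no lower bound and has been deprecated since Python 3.10. The client-side replacement is `ssl.PROTOCOL_TLS_CLIENT`, which also turns on certificate and hostname verification by default; whether it can be dropped in depends on how `ssl_protocol_ver` is consumed, and that code is outside the hunk. Wherever the SSLContext is built, setting `minimum_version = ssl.TLSVersion.TLSv1_2` on it (Python 3.7+) would stop the new default from settling on TLS 1.0 or 1.1 with an old peer. The if/elif chain starts and ends outside the hunk.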
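Review bot: The help string for `protocol` in the src/lib/Bcfg2/Options/Common.py hunk still reads only 'Communication protocol to use.', so nothing tells an operator that the older choices are weaker than the new default. From the mappings visible in the Proxy.py and SSLServer.py hunks, `xmlrpc/tlsv1` pins `ssl.PROTOCOL_TLSv1` (TLS 1.0 only) while `xmlrpc/tls` negotiates. I would extend it to `help='Communication protocol to use. xmlrpc/tls negotiates the highest TLS version both ends support; xmlrpc/tlsv1 pins TLS 1.0 and is for legacy peers only.'`. Since the default changes here, it is also worth stating in the option's comment that a config file which still sets `xmlrpc/tlsv1` explicitly keeps the pinned behaviour.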
@@ -74,7 +74,7 @@ class SSLServer(SocketServer.TCPServer, object):

 def __init__(self, listen_all, server_address, RequestHandlerClass,
 keyfile=None, certfile=None, reqCert=False, ca=None,
- timeout=None, protocol='xmlrpc/tlsv1'):
+ timeout=None, protocol='xmlrpc/tls'):
 """
 :param listen_all: Listen on all interfaces
 :type listen_all: bool
@@ -90,7 +90,7 @@ class SSLServer(SocketServer.TCPServer, object):
 :type ca: string
 :param timeout: Timeout for non-blocking request handling
 :param protocol: The protocol to serve. Supported values are
- ``xmlrpc/ssl`` and ``xmlrpc/tlsv1``.
+ ``xmlrpc/ssl``, ``xmlrpc/tlsv1`` and ``xmlrpc/tls``.
 :type protocol: string
 """
 # check whether or not we should listen on all interfaces
@@ -151,6 +151,8 @@ class SSLServer(SocketServer.TCPServer, object):
 self.ssl_protocol = ssl.PROTOCOL_SSLv23
 elif protocol == 'xmlrpc/tlsv1':
 self.ssl_protocol = ssl.PROTOCOL_TLSv1
+ elif protocol == 'xmlrpc/tls':
+ self.ssl_protocol = ssl.PROTOCOL_TLS_SERVER
 else:
 self.logger.error("Unknown protocol %s" % (protocol))
 raise Exception("unknown protocol %s" % protocol)
@@ -335,8 +337,8 @@ class XMLRPCServer(SocketServer.ThreadingMixIn, SSLServer,
 """ Component XMLRPCServer. """

 def __init__(self, listen_all, server_address, RequestHandlerClass=None,
- keyfile=None, certfile=None, ca=None, protocol='xmlrpc/tlsv1',
- timeout=10, logRequests=False,
+ keyfile=None, certfile=None, ca=None,
+ protocol='xmlrpc/tls', timeout=10, logRequests=False,
 register=True, allow_none=True, encoding=None):
 """
 :param listen_all: Listen on all interfaces
-- 
cgit v1.2.3-1-g7c22
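Review bot: The new `xmlrpc/tls` branch in the `@@ -151,6 +151,8 @@` hunk of src/lib/Bcfg2/Server/SSLServer.py reads `ssl.PROTOCOL_TLS_SERVER` unconditionally, while the client in Proxy.py picks its constant behind `has_py36`/`has_py34` guards. That constant exists only from Python 3.6, and `xmlrpc/tls` is now the default in both constructors (hunks `-74,7` and `-335,8`), so if older interpreters are still supported, as the client's guards suggest, the server would fail there with AttributeError before reaching the `Unknown protocol` branch. A guarded lookup such as `self.ssl_protocol = getattr(ssl, 'PROTOCOL_TLS_SERVER', ssl.PROTOCOL_SSLv23)` keeps version negotiation on those interpreters. No minimum version is set in this branch either; how `self.ssl_protocol` is used lies outside the hunk, so a TLS 1.2 floor would have to be applied where the socket is wrapped.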