startTLS: add accepted ciphers list and remove DH params

Alberto Sottile 2019-02-11 14:10:21 +01:00
parent 9721cf32e4
commit dbb2b1c9ff


@ -13,7 +13,6 @@ from twisted.internet.protocol import Factory
try: try:
from OpenSSL import crypto from OpenSSL import crypto
from twisted.internet import ssl from twisted.internet import ssl
from twisted.python.filepath import FilePath
except: except:
pass pass
@ -206,19 +205,21 @@ class SyncFactory(Factory):
def _allowTLSconnections(self, path): def _allowTLSconnections(self, path):
try: try:
privkey = open(path+'/privkey.pem', 'rt').read() privKey = open(path+'/privkey.pem', 'rt').read()
certif = open(path+'/cert.pem', 'rt').read() certif = open(path+'/cert.pem', 'rt').read()
chain = open(path+'/chain.pem', 'rt').read() chain = open(path+'/chain.pem', 'rt').read()
privkeypyssl = crypto.load_privatekey(crypto.FILETYPE_PEM, privkey) privKeyPySSL = crypto.load_privatekey(crypto.FILETYPE_PEM, privKey)
certifpyssl = crypto.load_certificate(crypto.FILETYPE_PEM, certif) certifPySSL = crypto.load_certificate(crypto.FILETYPE_PEM, certif)
chainpyssl = [crypto.load_certificate(crypto.FILETYPE_PEM, chain)] chainPySSL = [crypto.load_certificate(crypto.FILETYPE_PEM, chain)]
dhFilePath = FilePath(path+'/dh_param.pem') cipherListString = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
dhParams = ssl.DiffieHellmanParameters.fromFile(dhFilePath) "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"\
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
accCiphers = ssl.AcceptableCiphers.fromOpenSSLCipherString(cipherListString)
contextFactory = ssl.CertificateOptions(privateKey=privkeypyssl, certificate=certifpyssl, contextFactory = ssl.CertificateOptions(privateKey=privKeyPySSL, certificate=certifPySSL,
extraCertChain=chainpyssl, dhParameters=dhParams, extraCertChain=chainPySSL, acceptableCiphers=accCiphers,
raiseMinimumTo=ssl.TLSVersion.TLSv1_2) raiseMinimumTo=ssl.TLSVersion.TLSv1_2)
self.options = contextFactory self.options = contextFactory
except Exception as e: except Exception as e: