equal
deleted
inserted
replaced
248 # |
248 # |
249 # The PROTOCOL_TLSv* constants select a specific TLS version |
249 # The PROTOCOL_TLSv* constants select a specific TLS version |
250 # only (as opposed to multiple versions). So the method for |
250 # only (as opposed to multiple versions). So the method for |
251 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and |
251 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and |
252 # disable protocols via SSLContext.options and OP_NO_* constants. |
252 # disable protocols via SSLContext.options and OP_NO_* constants. |
253 if supportedprotocols == {b'tls1.0'}: |
|
254 if minimumprotocol != b'tls1.0': |
|
255 raise error.Abort( |
|
256 _(b'current Python does not support protocol setting %s') |
|
257 % minimumprotocol, |
|
258 hint=_( |
|
259 b'upgrade Python or disable setting since ' |
|
260 b'only TLS 1.0 is supported' |
|
261 ), |
|
262 ) |
|
263 |
|
264 return ssl.PROTOCOL_TLSv1, 0 |
|
265 |
253 |
266 # SSLv2 and SSLv3 are broken. We ban them outright. |
254 # SSLv2 and SSLv3 are broken. We ban them outright. |
267 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 |
255 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 |
268 |
256 |
269 if minimumprotocol == b'tls1.0': |
257 if minimumprotocol == b'tls1.0': |