URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA

tiran commented:
"""
```
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.options = ssl.OP_ALL | ssl.OP_NO_COMPRESSION | ssl.OP_SINGLE_DH_USE | 
ssl.OP_SINGLE_ECDH_USE | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
try:
    # use Fedora crypto policy
    # https://fedoraproject.org/wiki/Changes/CryptoPolicy
    ctx.set_ciphers("PROFILE=SYSTEM")
except ssl.SSLError:
    # high ciphers without RC4, MD5, TripleDES, pre-shared key and secure 
remote password
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!PSK:!SRP")
```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/367#issuecomment-270659921
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to