Author: Amaury Forgeot d'Arc <amaur...@gmail.com> Branch: py3.6 Changeset: r94415:26bff7c256af Date: 2018-04-22 21:04 +0200 http://bitbucket.org/pypy/pypy/changeset/26bff7c256af/
Log: Fix default socket options, added by CPython Issue 28043.
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -64,7 +64,9 @@
 for name in dir(lib):
 if name.startswith('SSL_OP'):
- globals()[name[4:]] = getattr(lib, name)
+ value = getattr(lib, name)
+ if value != 0:
+ globals()[name[4:]] = getattr(lib, name)
 OP_ALL = lib.SSL_OP_ALL & ~lib.SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
@@ -829,6 +831,12 @@
 options |= lib.SSL_OP_NO_SSLv2
 if protocol != PROTOCOL_SSLv3:
 options |= lib.SSL_OP_NO_SSLv3
+ # Minimal security flags for server and client side context.
+ # Client sockets ignore server-side parameters.
+ options |= lib.SSL_OP_NO_COMPRESSION;
+ options |= lib.SSL_OP_CIPHER_SERVER_PREFERENCE;
+ options |= lib.SSL_OP_SINGLE_DH_USE;
+ options |= lib.SSL_OP_SINGLE_ECDH_USE;
 lib.SSL_CTX_set_options(self.ctx, options)
 lib.SSL_CTX_set_session_id_context(self.ctx, b"Python", len(b"Python"))
_______________________________________________ pypy-commit mailing list pypy-commit@python.org https://mail.python.org/mailman/listinfo/pypy-commit
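Review bot: The new `if value != 0:` filter in the `SSL_OP` loop carries no comment explaining why zero-valued options are skipped, and it changes what the module exports. Any `SSL_OP_*` name that the linked OpenSSL defines as 0 no longer gets an `OP_*` global, so code that references such a name would presumably fail with an AttributeError instead of reading a harmless 0; that should be confirmed against the callers. A line such as `# Options defined as 0 by this OpenSSL build are no-ops; do not export them.` above the test would record the intent. The assignment also looks the attribute up a second time; `globals()[name[4:]] = value` reuses the value that was just tested.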
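Review bot: The four added `options |= lib.SSL_OP_...;` lines each end in a C-style semicolon, which Python accepts but which reads as a leftover from the C original; dropping the semicolons keeps the block in the file's style. The four `lib.SSL_OP_*` names are read unconditionally, so if any of them were absent from the cffi `lib` for some OpenSSL build, the enclosing method would raise before `SSL_CTX_set_options` is reached; the hunk does not show whether that can happen, so it should be checked against the cdef. The comment could also say what each flag protects against, for example `# NO_COMPRESSION: turn off TLS-level compression (CRIME)`, so that a later edit does not remove a default without knowing what it weakens. The enclosing method starts and ends outside the hunk.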