Thanks. I researched the ssl module changes, but it's a bit confusing to me.
On Thu, 24 Jan 2019 02:53:56 +0900, alex wrote:
>
> Signed-off-by: alex <atoptsog...@suse.com>
> ---
> ryu/controller/controller.py | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/ryu/controller/controller.py b/ryu/controller/controller.py
> index 62135339..9198bfb1 100644
> --- a/ryu/controller/controller.py
> +++ b/ryu/controller/controller.py
> @@ -164,6 +164,10 @@ class OpenFlowController(object):
> client.stop()
>
> def server_loop(self, ofp_tcp_listen_port, ofp_ssl_listen_port):
> + if hasattr(ssl, 'PROTOCOL_TLS'):
> + p = "PROTOCOL_TLS"

It's better to disable SSL in this case. To do that, SSLContext.wrap_socket should be used in ryu.lib.hub.StreamServer in order to use OP_NO_SSLv3, IIUC.

> + else:
> + p = "PROTOCOL_SSLv23"

To prevent SSL v2 or v3 on python <2.7.9, I think this should be PROTOCOL_TLSv1.

> if CONF.ctl_privkey is not None and CONF.ctl_cert is not None:
> if CONF.ca_certs is not None:
> server = StreamServer((CONF.ofp_listen_host,
> @@ -173,14 +177,14 @@ class OpenFlowController(object):
> certfile=CONF.ctl_cert,
> cert_reqs=ssl.CERT_REQUIRED,
> ca_certs=CONF.ca_certs,
> - ssl_version=ssl.PROTOCOL_TLSv1)
> + ssl_version=getattr(ssl, p))
> else:
> server = StreamServer((CONF.ofp_listen_host,
> ofp_ssl_listen_port),
> datapath_connection_factory,
> keyfile=CONF.ctl_privkey,
> certfile=CONF.ctl_cert,
> - ssl_version=ssl.PROTOCOL_TLSv1)
> + ssl_version=getattr(ssl, p))
> else:
> server = StreamServer((CONF.ofp_listen_host,
> ofp_tcp_listen_port),
> --
> 2.16.4
>
>
>
> _______________________________________________
> Ryu-devel mailing list
> Ryu-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ryu-devel
> _______________________________________________ Ryu-devel mailing list Ryu-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ryu-devel
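Review bot: The added lines in `server_loop` carry the protocol as a string name in `p` and resolve it with `getattr(ssl, p)` separately at both `StreamServer(...)` call sites in the second hunk, so a reader has to trace two lookups to learn which constant is passed. Resolving it once into a descriptively named local, `ssl_version = getattr(ssl, 'PROTOCOL_TLS', FALLBACK)` with `FALLBACK` standing for whichever constant is agreed for older interpreters, and passing `ssl_version=ssl_version` at both calls would say the same thing directly. The selection also runs before the `if CONF.ctl_privkey is not None and CONF.ctl_cert is not None:` test, so it executes for the plain-TCP listener too; moving it inside that branch keeps it next to its only users. `server_loop` continues beyond the end of this hunk.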
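Review bot: The second `StreamServer(...)` call in this hunk, taken when `CONF.ca_certs` is None, passes `keyfile`, `certfile` and `ssl_version` but no `cert_reqs`, so in that branch nothing visible here asks the connecting switch for a certificate, whichever protocol constant ends up being used. If that is intended, a comment at the call would make it explicit, for example `# no ca_certs configured: peer certificates are not requested or verified`. This assumes `StreamServer` forwards these keywords to the ssl wrapping call, which lives in ryu.lib.hub and is not shown in the patch. The enclosing `if`/`else` starts in the previous hunk, and the final plain-TCP `StreamServer(...)` call is cut off at the end of this one.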