From c225795793696c5b5d4a9243ebeb129091229ca5 Mon Sep 17 00:00:00 2001 From: ThomasV Date: Fri, 31 Oct 2014 14:59:59 +0100 Subject: [PATCH] use ssl.PROTOCOL_SSLv23 --- lib/interface.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/interface.py b/lib/interface.py index 17bdd2d3..0831dd55 100644 --- a/lib/interface.py +++ b/lib/interface.py @@ -173,7 +173,7 @@ class TcpInterface(threading.Thread): return # try with CA first try: - s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_path, do_handshake_on_connect=True) + s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_path, do_handshake_on_connect=True) except ssl.SSLError, e: s = None if s and self.check_host_name(s.getpeercert(), self.host): @@ -184,7 +184,7 @@ class TcpInterface(threading.Thread): # Do not use ssl.get_server_certificate because it does not work with proxy s = self.get_simple_socket() try: - s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None) + s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_NONE, ca_certs=None) except ssl.SSLError, e: print_error("SSL error retrieving SSL certificate:", self.host, e) return @@ -210,7 +210,7 @@ class TcpInterface(threading.Thread): if self.use_ssl: try: s = ssl.wrap_socket(s, - ssl_version=ssl.PROTOCOL_SSLv3, + ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_REQUIRED, ca_certs= (temporary_path if is_new else cert_path), do_handshake_on_connect=True)