From 614f3df4b83bf197e60a510269e71f5a32b36661 Mon Sep 17 00:00:00 2001
From: ThomasV
Date: Tue, 27 Oct 2015 10:44:36 +0100
Subject: [PATCH] Revert "Use ssl.PROTOCOL_TLSv1 on client side to avoid SSLv23"
This reverts commit 4731418af9d47084a2b88dad38bf2d279c392d9b.
---
 lib/interface.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/interface.py b/lib/interface.py
index 8fea8531..659e2720 100644
--- a/lib/interface.py
+++ b/lib/interface.py
@@ -117,7 +117,7 @@ class TcpConnection(threading.Thread, util.PrintError):
 return
 # try with CA first
 try:
- s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_path, do_handshake_on_connect=True)
+ s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_path, do_handshake_on_connect=True)
 except ssl.SSLError, e:
 s = None
 if s and self.check_host_name(s.getpeercert(), self.host):
@@ -130,7 +130,7 @@ class TcpConnection(threading.Thread, util.PrintError):
 if s is None:
 return
 try:
- s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1, cert_reqs=ssl.CERT_NONE, ca_certs=None)
+ s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv23, cert_reqs=ssl.CERT_NONE, ca_certs=None)
 except ssl.SSLError, e:
 self.print_error("SSL error retrieving SSL certificate:", e)
 return
@@ -153,7 +153,7 @@ class TcpConnection(threading.Thread, util.PrintError):
 if self.use_ssl:
 try:
 s = ssl.wrap_socket(s,
- ssl_version=ssl.PROTOCOL_TLSv1,
+ ssl_version=ssl.PROTOCOL_SSLv23,
 cert_reqs=ssl.CERT_REQUIRED,
 ca_certs= (temporary_path if is_new else cert_path),
 do_handshake_on_connect=True)
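Review bot: With `ssl_version=ssl.PROTOCOL_SSLv23` passed to `ssl.wrap_socket()` in the CA-verified connect of the first hunk, the client has no protocol floor: `wrap_socket()` takes no options argument, so depending on the Python and OpenSSL build SSLv3 (and SSLv2 on old builds) can still be negotiated. The same applies to the `CERT_NONE` certificate-retrieval call in the second hunk and the pinned-certificate call in the third. If the aim of the revert is to allow TLS 1.1/1.2 again, I would build an `ssl.SSLContext` (Python 2.7.9 or later) that clears the old protocols and wrap through it, as sketched below for the first call; the other two calls need the same context with their own `verify_mode` and CA file. The enclosing method starts and ends outside all three hunks, so whether a fallback for older interpreters is needed cannot be judged from here.

```python
try:
    ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
    # negotiate the best TLS version, but never SSLv2/SSLv3
    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_path)
    s = ctx.wrap_socket(s, do_handshake_on_connect=True)
# ... unchanged: except ssl.SSLError handling and check_host_name() test ...
```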