Allow clients to choose TLS versions > 1.0 #18

wiegandm · 2018-06-14T12:06:23Z

This commit allows OSP clients to negotiate a TLS version higher than
TLSv1.0 instead of forcing them to use this specific protocol version
which may be subject to protocol-specific weaknesses depending on the
environment.

As the comment explains, the constant ssl.PROTOCOL_SSLv23 does indeed
select the highest protocol version that both the client and server
support for current Python versions (>= 3.4), despite its name.

If compatibility with Python 3.4 is no longer desired, the slightly more
fitting constant ssl.PROTOCOL_TLS should be used.

This commit allows OSP clients to negotiate a TLS version higher than TLSv1.0 instead of forcing them to use this specific protocol version which may be subject to protocol-specific weaknesses depending on the environment. As the comment explains, the constant `ssl.PROTOCOL_SSLv23` does indeed select the highest protocol version that both the client and server support for current Python versions (>= 3.4), despite its name. If compatibility with Python 3.4 is no longer desired, the slightly more fitting constant `ssl.PROTOCOL_TLS` should be used.

wiegandm requested review from jjnicola, janowagner and a team June 14, 2018 12:06

jjnicola approved these changes Jun 15, 2018

View reviewed changes

Merge branch 'master' into allow_tls_gt_10

67b10ef

janowagner approved these changes Jun 15, 2018

View reviewed changes

janowagner merged commit ea6093c into greenbone:master Jun 15, 2018

wiegandm deleted the allow_tls_gt_10 branch June 18, 2018 05:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow clients to choose TLS versions > 1.0 #18

Allow clients to choose TLS versions > 1.0 #18

wiegandm commented Jun 14, 2018

Allow clients to choose TLS versions > 1.0 #18

Allow clients to choose TLS versions > 1.0 #18

Conversation

wiegandm commented Jun 14, 2018