Remove the check for PROTOCOL_SSLv23
PROTOCOL_SSLv23 is a constant (admittedly poorly named) that will always negotiate the highest protocol version that both the client and server support. It will, for example, negotiate TLSv1.2 if both client and server can use it. Calling it out as "insecure" is patently wrong. Change-Id: Ie4f16bee35e7e8be2c6e55e28384d2c6c554d249
parent
43f27afe3c
commit
09f0fa9ce7
|
@ -90,7 +90,6 @@ hardcoded_password:
|
|||
ssl_with_bad_version:
|
||||
bad_protocol_versions:
|
||||
- 'PROTOCOL_SSLv2'
|
||||
- 'PROTOCOL_SSLv23'
|
||||
- 'SSLv2_METHOD'
|
||||
- 'SSLv23_METHOD'
|
||||
- 'PROTOCOL_SSLv3' # strict option
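Review bot: `bad_protocol_versions` still appears to list `'SSLv23_METHOD'`, the pyOpenSSL name for the same version-negotiating method, so after this change `ssl.PROTOCOL_SSLv23` would pass while `SSL.SSLv23_METHOD` is still reported. Which entry is dropped is inferred from the commit title, because the page has lost its +/- column. The two entries should be removed or kept together. Separately, negotiating the highest shared version does not by itself exclude SSLv2/SSLv3: that depends on the Python/OpenSSL defaults and on `OP_NO_SSLv2`/`OP_NO_SSLv3` being set, which `ssl.wrap_socket(ssl_version=...)` gives the caller no way to set. A comment beside the list would record why the constant is absent, e.g. `# PROTOCOL_SSLv23 negotiates the highest shared version; not flagged, but SSLv2/SSLv3 must be disabled via context options`.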
|
||||
|
|
|
@ -2,12 +2,10 @@ import ssl
|
|||
from pyOpenSSL import SSL
|
||||
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2)
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv23)
|
||||
SSL.Context(method=SSL.SSLv2_METHOD)
|
||||
SSL.Context(method=SSL.SSLv23_METHOD)
|
||||
|
||||
herp_derp(ssl_version=ssl.PROTOCOL_SSLv2)
|
||||
herp_derp(ssl_version=ssl.PROTOCOL_SSLv23)
|
||||
herp_derp(method=SSL.SSLv2_METHOD)
|
||||
herp_derp(method=SSL.SSLv23_METHOD)
|
||||
|
||||
|
@ -27,9 +25,6 @@ ssl.wrap_socket()
|
|||
def open_ssl_socket(version=ssl.PROTOCOL_SSLv2):
|
||||
pass
|
||||
|
||||
def open_ssl_socket(version=ssl.PROTOCOL_SSLv23):
|
||||
pass
|
||||
|
||||
def open_ssl_socket(version=SSL.SSLv2_METHOD):
|
||||
pass
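Review bot: Deleting the `PROTOCOL_SSLv23` cases from this example leaves nothing that pins the new behaviour. The lines that seem to be dropped (inferred from the hunk counts and the commit title, since the +/- column is lost) are the `ssl.wrap_socket`, `herp_derp` and `open_ssl_socket` variants that use `ssl.PROTOCOL_SSLv23`. Keeping one of them as a negative case, with a comment such as `# not flagged: negotiates the highest version both peers support`, would make the functional score change if the constant were ever re-added to `bad_protocol_versions`. The `SSL.SSLv23_METHOD` calls appear to stay and are still expected to be reported; a short comment saying that this is deliberate would help, given they are the pyOpenSSL equivalent.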
|
||||
|
||||
|
|
|
@ -190,7 +190,7 @@ class FunctionalTests(unittest.TestCase):
|
|||
def test_ssl_insecure_version(self):
|
||||
path = os.path.join(os.getcwd(), 'examples', 'ssl-insecure-version.py')
|
||||
self.b_mgr.run_scope([path])
|
||||
self.assertEqual(self.b_mgr.scores[0], 141)
|
||||
self.assertEqual(self.b_mgr.scores[0], 121)
|
||||
|
||||
def test_subprocess_call_linebreaks(self):
|
||||
path = os.path.join(os.getcwd(), 'examples',
|
||||
|
|