本文整理汇总了Python中OpenSSL.SSL.OP_NO_SSLv2方法的典型用法代码示例。如果您正苦于以下问题:Python SSL.OP_NO_SSLv2方法的具体用法?Python SSL.OP_NO_SSLv2怎么用?Python SSL.OP_NO_SSLv2使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.SSL
的用法示例。
在下文中一共展示了SSL.OP_NO_SSLv2方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _set_context_options
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def _set_context_options(self, ctx, protocols_to_disable):
try:
# always disable SSLv2, as per RFC 6176
ctx.set_options(SSL.OP_NO_SSLv2)
# aerospike does not support SSLv3
ctx.set_options(SSL.OP_NO_SSLv3)
except Exception:
pass
if not protocols_to_disable:
return ctx
for proto in protocols_to_disable:
try:
if proto == "TLSv1":
ctx.set_options(SSL.OP_NO_TLSv1)
elif proto == "TLSv1.1":
ctx.set_options(SSL.OP_NO_TLSv1_1)
elif proto == "TLSv1.2":
ctx.set_options(SSL.OP_NO_TLSv1_2)
except Exception:
pass
return ctx
示例2: get_ssl_context
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def get_ssl_context(cls):
if cls.ssl_context is None:
if cls.certfile is None:
raise ValueError("at least certfile must be specified")
cls.ssl_context = SSL.Context(cls.ssl_protocol)
if cls.ssl_protocol != SSL.SSLv2_METHOD:
cls.ssl_context.set_options(SSL.OP_NO_SSLv2)
else:
warnings.warn("SSLv2 protocol is insecure", RuntimeWarning)
cls.ssl_context.use_certificate_chain_file(cls.certfile)
if not cls.keyfile:
cls.keyfile = cls.certfile
cls.ssl_context.use_privatekey_file(cls.keyfile)
return cls.ssl_context
# --- overridden methods
示例3: _server
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def _server(self, sock):
"""
Create a new server-side SSL :py:obj:`Connection` object wrapped around
:py:obj:`sock`.
"""
# Create the server side Connection. This is mostly setup boilerplate
# - use TLSv1, use a particular certificate, etc.
server_ctx = Context(TLSv1_METHOD)
server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )
server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)
server_store = server_ctx.get_cert_store()
server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
server_ctx.check_privatekey()
server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
# Here the Connection is actually created. If None is passed as the 2nd
# parameter, it indicates a memory BIO should be created.
server_conn = Connection(server_ctx, sock)
server_conn.set_accept_state()
return server_conn
示例4: test_tlsProtocolsreduceToMaxWithoutMin
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsreduceToMaxWithoutMin(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{lowerMaximumSecurityTo} but no C{raiseMinimumTo} or
C{insecurelyLowerMinimumTo} set, and C{lowerMaximumSecurityTo} is
below the minimum default, the minimum will be made the new maximum.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
lowerMaximumSecurityTo=sslverify.TLSVersion.SSLv3,
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_TLSv1 |
SSL.OP_NO_TLSv1_1 | SSL.OP_NO_TLSv1_2 | opts._OP_NO_TLSv1_3)
self.assertEqual(options, ctx._options & options)
示例5: test_tlsProtocolsSSLv3Only
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsSSLv3Only(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{insecurelyLowerMinimumTo} and C{lowerMaximumSecurityTo} set to
SSLv3, it will exclude all others.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
insecurelyLowerMinimumTo=sslverify.TLSVersion.SSLv3,
lowerMaximumSecurityTo=sslverify.TLSVersion.SSLv3,
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_TLSv1 |
SSL.OP_NO_TLSv1_1 | SSL.OP_NO_TLSv1_2 | opts._OP_NO_TLSv1_3)
self.assertEqual(options, ctx._options & options)
示例6: test_tlsProtocolsTLSv1Point0Only
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsTLSv1Point0Only(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{insecurelyLowerMinimumTo} and C{lowerMaximumSecurityTo} set to v1.0,
it will exclude all others.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_0,
lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_0,
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
SSL.OP_NO_TLSv1_1 | SSL.OP_NO_TLSv1_2 | opts._OP_NO_TLSv1_3)
self.assertEqual(options, ctx._options & options)
示例7: test_tlsProtocolsTLSv1Point1Only
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsTLSv1Point1Only(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{insecurelyLowerMinimumTo} and C{lowerMaximumSecurityTo} set to v1.1,
it will exclude all others.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_1,
lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_1,
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_2 | opts._OP_NO_TLSv1_3)
self.assertEqual(options, ctx._options & options)
示例8: test_tlsProtocolsAllModernTLS
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsAllModernTLS(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{insecurelyLowerMinimumTo} set to TLSv1.0 and
C{lowerMaximumSecurityTo} to TLSv1.2, it will exclude both SSLs and
the (unreleased) TLSv1.3.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_0,
lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_2,
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
opts._OP_NO_TLSv1_3)
self.assertEqual(options, ctx._options & options)
示例9: test_tlsProtocolsAtLeastAllSecureTLS
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsAtLeastAllSecureTLS(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{raiseMinimumTo} set to TLSv1.2, it will ignore all TLSs below
1.2 and SSL.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
raiseMinimumTo=sslverify.TLSVersion.TLSv1_2
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)
self.assertEqual(options, ctx._options & options)
示例10: test_tlsProtocolsAtLeastWillAcceptHigherDefault
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsAtLeastWillAcceptHigherDefault(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{raiseMinimumTo} set to a value lower than Twisted's default will
cause it to use the more secure default.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
raiseMinimumTo=sslverify.TLSVersion.SSLv3
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
# Future maintainer warning: this will break if we change our default
# up, so you should change it to add the relevant OP_NO flags when we
# do make that change and this test fails.
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3)
self.assertEqual(options, ctx._options & options)
self.assertEqual(opts._defaultMinimumTLSVersion,
sslverify.TLSVersion.TLSv1_0)
示例11: test_tlsProtocolsAllSecureTLS
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_tlsProtocolsAllSecureTLS(self):
"""
When calling L{sslverify.OpenSSLCertificateOptions} with
C{insecurelyLowerMinimumTo} set to TLSv1.2, it will ignore all TLSs below
1.2 and SSL.
"""
opts = sslverify.OpenSSLCertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_2
)
opts._contextFactory = FakeContext
ctx = opts.getContext()
options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)
self.assertEqual(options, ctx._options & options)
示例12: _server
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def _server(self, sock):
"""
Create a new server-side SSL `Connection` object wrapped around `sock`.
"""
# Create the server side Connection. This is mostly setup boilerplate
# - use TLSv1, use a particular certificate, etc.
server_ctx = Context(TLSv1_METHOD)
server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)
server_ctx.set_verify(
VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,
verify_cb
)
server_store = server_ctx.get_cert_store()
server_ctx.use_privatekey(
load_privatekey(FILETYPE_PEM, server_key_pem))
server_ctx.use_certificate(
load_certificate(FILETYPE_PEM, server_cert_pem))
server_ctx.check_privatekey()
server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
# Here the Connection is actually created. If None is passed as the
# 2nd parameter, it indicates a memory BIO should be created.
server_conn = Connection(server_ctx, sock)
server_conn.set_accept_state()
return server_conn
示例13: _client
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def _client(self, sock):
"""
Create a new client-side SSL `Connection` object wrapped around `sock`.
"""
# Now create the client side Connection. Similar boilerplate to the
# above.
client_ctx = Context(TLSv1_METHOD)
client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)
client_ctx.set_verify(
VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,
verify_cb
)
client_store = client_ctx.get_cert_store()
client_ctx.use_privatekey(
load_privatekey(FILETYPE_PEM, client_key_pem))
client_ctx.use_certificate(
load_certificate(FILETYPE_PEM, client_cert_pem))
client_ctx.check_privatekey()
client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
client_conn = Connection(client_ctx, sock)
client_conn.set_connect_state()
return client_conn
示例14: test_set_options
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_set_options(self):
"""
:py:obj:`Context.set_options` returns the new options value.
"""
context = Context(TLSv1_METHOD)
options = context.set_options(OP_NO_SSLv2)
self.assertTrue(OP_NO_SSLv2 & options)
示例15: test_set_options_long
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv2 [as 别名]
def test_set_options_long(self):
"""
On Python 2 :py:obj:`Context.set_options` accepts values of type
:py:obj:`long` as well as :py:obj:`int`.
"""
context = Context(TLSv1_METHOD)
options = context.set_options(long(OP_NO_SSLv2))
self.assertTrue(OP_NO_SSLv2 & options)