当前位置: 首页>>代码示例>>Python>>正文


Python SSL.OP_NO_SSLv3方法代码示例

本文整理汇总了Python中OpenSSL.SSL.OP_NO_SSLv3方法的典型用法代码示例。如果您正苦于以下问题:Python SSL.OP_NO_SSLv3方法的具体用法?Python SSL.OP_NO_SSLv3怎么用?Python SSL.OP_NO_SSLv3使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在OpenSSL.SSL的用法示例。


在下文中一共展示了SSL.OP_NO_SSLv3方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _set_context_options

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def _set_context_options(self, ctx, protocols_to_disable):
        try:
            # always disable SSLv2, as per RFC 6176
            ctx.set_options(SSL.OP_NO_SSLv2)

            # aerospike does not support SSLv3
            ctx.set_options(SSL.OP_NO_SSLv3)
        except Exception:
            pass

        if not protocols_to_disable:
            return ctx

        for proto in protocols_to_disable:
            try:
                if proto == "TLSv1":
                    ctx.set_options(SSL.OP_NO_TLSv1)
                elif proto == "TLSv1.1":
                    ctx.set_options(SSL.OP_NO_TLSv1_1)
                elif proto == "TLSv1.2":
                    ctx.set_options(SSL.OP_NO_TLSv1_2)
            except Exception:
                pass
        return ctx 
开发者ID:aerospike,项目名称:aerospike-admin,代码行数:26,代码来源:ssl_context.py

示例2: _server

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def _server(self, sock):
        """
        Create a new server-side SSL :py:obj:`Connection` object wrapped around
        :py:obj:`sock`.
        """
        # Create the server side Connection.  This is mostly setup boilerplate
        # - use TLSv1, use a particular certificate, etc.
        server_ctx = Context(TLSv1_METHOD)
        server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )
        server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)
        server_store = server_ctx.get_cert_store()
        server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
        server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
        server_ctx.check_privatekey()
        server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
        # Here the Connection is actually created.  If None is passed as the 2nd
        # parameter, it indicates a memory BIO should be created.
        server_conn = Connection(server_ctx, sock)
        server_conn.set_accept_state()
        return server_conn 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:22,代码来源:test_ssl.py

示例3: _client

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def _client(self, sock):
        """
        Create a new client-side SSL :py:obj:`Connection` object wrapped around
        :py:obj:`sock`.
        """
        # Now create the client side Connection.  Similar boilerplate to the
        # above.
        client_ctx = Context(TLSv1_METHOD)
        client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )
        client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)
        client_store = client_ctx.get_cert_store()
        client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))
        client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))
        client_ctx.check_privatekey()
        client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
        client_conn = Connection(client_ctx, sock)
        client_conn.set_connect_state()
        return client_conn 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:20,代码来源:test_ssl.py

示例4: test_tlsProtocolsTLSv1Point1Only

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_tlsProtocolsTLSv1Point1Only(self):
        """
        When calling L{sslverify.OpenSSLCertificateOptions} with
        C{insecurelyLowerMinimumTo} and C{lowerMaximumSecurityTo} set to v1.1,
        it will exclude all others.
        """
        opts = sslverify.OpenSSLCertificateOptions(
            privateKey=self.sKey,
            certificate=self.sCert,
            insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_1,
            lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_1,
        )
        opts._contextFactory = FakeContext
        ctx = opts.getContext()
        options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
                   SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
                   SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_2 | opts._OP_NO_TLSv1_3)
        self.assertEqual(options, ctx._options & options) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:20,代码来源:test_sslverify.py

示例5: test_tlsProtocolsTLSv1Point2Only

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_tlsProtocolsTLSv1Point2Only(self):
        """
        When calling L{sslverify.OpenSSLCertificateOptions} with
        C{insecurelyLowerMinimumTo} and C{lowerMaximumSecurityTo} set to v1.2,
        it will exclude all others.
        """
        opts = sslverify.OpenSSLCertificateOptions(
            privateKey=self.sKey,
            certificate=self.sCert,
            insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_2,
            lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_2,
        )
        opts._contextFactory = FakeContext
        ctx = opts.getContext()
        options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
                   SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
                   SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1 | opts._OP_NO_TLSv1_3)
        self.assertEqual(options, ctx._options & options) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:20,代码来源:test_sslverify.py

示例6: test_tlsProtocolsAllModernTLS

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_tlsProtocolsAllModernTLS(self):
        """
        When calling L{sslverify.OpenSSLCertificateOptions} with
        C{insecurelyLowerMinimumTo} set to TLSv1.0 and
        C{lowerMaximumSecurityTo} to TLSv1.2, it will exclude both SSLs and
        the (unreleased) TLSv1.3.
        """
        opts = sslverify.OpenSSLCertificateOptions(
            privateKey=self.sKey,
            certificate=self.sCert,
            insecurelyLowerMinimumTo=sslverify.TLSVersion.TLSv1_0,
            lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_2,
        )
        opts._contextFactory = FakeContext
        ctx = opts.getContext()
        options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
                   SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
                   opts._OP_NO_TLSv1_3)
        self.assertEqual(options, ctx._options & options) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:21,代码来源:test_sslverify.py

示例7: test_tlsProtocolsAtLeastAllSecureTLS

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_tlsProtocolsAtLeastAllSecureTLS(self):
        """
        When calling L{sslverify.OpenSSLCertificateOptions} with
        C{raiseMinimumTo} set to TLSv1.2, it will ignore all TLSs below
        1.2 and SSL.
        """
        opts = sslverify.OpenSSLCertificateOptions(
            privateKey=self.sKey,
            certificate=self.sCert,
            raiseMinimumTo=sslverify.TLSVersion.TLSv1_2
        )
        opts._contextFactory = FakeContext
        ctx = opts.getContext()
        options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
                   SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3 |
                   SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)
        self.assertEqual(options, ctx._options & options) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:19,代码来源:test_sslverify.py

示例8: test_tlsProtocolsAtLeastWillAcceptHigherDefault

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_tlsProtocolsAtLeastWillAcceptHigherDefault(self):
        """
        When calling L{sslverify.OpenSSLCertificateOptions} with
        C{raiseMinimumTo} set to a value lower than Twisted's default will
        cause it to use the more secure default.
        """
        opts = sslverify.OpenSSLCertificateOptions(
            privateKey=self.sKey,
            certificate=self.sCert,
            raiseMinimumTo=sslverify.TLSVersion.SSLv3
        )
        opts._contextFactory = FakeContext
        ctx = opts.getContext()
        # Future maintainer warning: this will break if we change our default
        # up, so you should change it to add the relevant OP_NO flags when we
        # do make that change and this test fails.
        options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
                   SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3)
        self.assertEqual(options, ctx._options & options)
        self.assertEqual(opts._defaultMinimumTLSVersion,
                         sslverify.TLSVersion.TLSv1_0) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:23,代码来源:test_sslverify.py

示例9: _server

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def _server(self, sock):
        """
        Create a new server-side SSL `Connection` object wrapped around `sock`.
        """
        # Create the server side Connection.  This is mostly setup boilerplate
        # - use TLSv1, use a particular certificate, etc.
        server_ctx = Context(TLSv1_METHOD)
        server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)
        server_ctx.set_verify(
            VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,
            verify_cb
        )
        server_store = server_ctx.get_cert_store()
        server_ctx.use_privatekey(
            load_privatekey(FILETYPE_PEM, server_key_pem))
        server_ctx.use_certificate(
            load_certificate(FILETYPE_PEM, server_cert_pem))
        server_ctx.check_privatekey()
        server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
        # Here the Connection is actually created.  If None is passed as the
        # 2nd parameter, it indicates a memory BIO should be created.
        server_conn = Connection(server_ctx, sock)
        server_conn.set_accept_state()
        return server_conn 
开发者ID:pyca,项目名称:pyopenssl,代码行数:26,代码来源:test_ssl.py

示例10: _client

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def _client(self, sock):
        """
        Create a new client-side SSL `Connection` object wrapped around `sock`.
        """
        # Now create the client side Connection.  Similar boilerplate to the
        # above.
        client_ctx = Context(TLSv1_METHOD)
        client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)
        client_ctx.set_verify(
            VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,
            verify_cb
        )
        client_store = client_ctx.get_cert_store()
        client_ctx.use_privatekey(
            load_privatekey(FILETYPE_PEM, client_key_pem))
        client_ctx.use_certificate(
            load_certificate(FILETYPE_PEM, client_cert_pem))
        client_ctx.check_privatekey()
        client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
        client_conn = Connection(client_ctx, sock)
        client_conn.set_connect_state()
        return client_conn 
开发者ID:pyca,项目名称:pyopenssl,代码行数:24,代码来源:test_ssl.py

示例11: _expandCipherString

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def _expandCipherString(cipherString, method, options):
    """
    Expand C{cipherString} according to C{method} and C{options} to a list
    of explicit ciphers that are supported by the current platform.

    @param cipherString: An OpenSSL cipher string to expand.
    @type cipherString: L{unicode}

    @param method: An OpenSSL method like C{SSL.TLSv1_METHOD} used for
        determining the effective ciphers.

    @param options: OpenSSL options like C{SSL.OP_NO_SSLv3} ORed together.
    @type options: L{int}

    @return: The effective list of explicit ciphers that results from the
        arguments on the current platform.
    @rtype: L{list} of L{ICipher}
    """
    ctx = SSL.Context(method)
    ctx.set_options(options)
    try:
        ctx.set_cipher_list(cipherString.encode('ascii'))
    except SSL.Error as e:
        if e.args[0][0][2] == 'no cipher match':
            return []
        else:
            raise
    conn = SSL.Connection(ctx, None)
    ciphers = conn.get_cipher_list()
    if isinstance(ciphers[0], unicode):
        return [OpenSSLCipher(cipher) for cipher in ciphers]
    else:
        return [OpenSSLCipher(cipher.decode('ascii')) for cipher in ciphers] 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:35,代码来源:_sslverify.py

示例12: fromOpenSSLCipherString

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def fromOpenSSLCipherString(cls, cipherString):
        """
        Create a new instance using an OpenSSL cipher string.

        @param cipherString: An OpenSSL cipher string that describes what
            cipher suites are acceptable.
            See the documentation of U{OpenSSL
            <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>} or
            U{Apache
            <http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite>}
            for details.
        @type cipherString: L{unicode}

        @return: Instance representing C{cipherString}.
        @rtype: L{twisted.internet.ssl.AcceptableCiphers}
        """
        return cls(_expandCipherString(
            nativeString(cipherString),
            SSL.SSLv23_METHOD, SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        )


# A secure default.
# Sources for more information on TLS ciphers:
#
# - https://wiki.mozilla.org/Security/Server_Side_TLS
# - https://www.ssllabs.com/projects/best-practices/index.html
# - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
#
# The general intent is:
# - Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE),
# - prefer ECDHE over DHE for better performance,
# - prefer any AES-GCM and ChaCha20 over any AES-CBC for better performance and
#   security,
# - prefer AES-GCM to ChaCha20 because AES hardware support is common,
# - disable NULL authentication, MD5 MACs and DSS for security reasons.
# 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:39,代码来源:_sslverify.py

示例13: test_method

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_method(self):
        """
        L{ssl.DefaultOpenSSLContextFactory.getContext} returns an SSL context
        which can use SSLv3 or TLSv1 but not SSLv2.
        """
        # SSLv23_METHOD allows SSLv2, SSLv3, or TLSv1
        self.assertEqual(self.context._method, SSL.SSLv23_METHOD)

        # And OP_NO_SSLv2 disables the SSLv2 support.
        self.assertTrue(self.context._options & SSL.OP_NO_SSLv2)

        # Make sure SSLv3 and TLSv1 aren't disabled though.
        self.assertFalse(self.context._options & SSL.OP_NO_SSLv3)
        self.assertFalse(self.context._options & SSL.OP_NO_TLSv1) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:16,代码来源:test_ssl.py

示例14: test_tlsv1ByDefault

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def test_tlsv1ByDefault(self):
        """
        L{sslverify.OpenSSLCertificateOptions} will make the default minimum
        TLS version v1.0, if no C{method}, or C{insecurelyLowerMinimumTo} is
        given.
        """
        opts = sslverify.OpenSSLCertificateOptions(
            privateKey=self.sKey,
            certificate=self.sCert
        )
        opts._contextFactory = FakeContext
        ctx = opts.getContext()
        options = (SSL.OP_NO_SSLv2 | SSL.OP_NO_COMPRESSION |
                   SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_SSLv3)
        self.assertEqual(options, ctx._options & options) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:17,代码来源:test_sslverify.py

示例15: cacheContext

# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import OP_NO_SSLv3 [as 别名]
def cacheContext(self):
        """Setup the main context factory with custom SSL settings"""
        if self._context is None:
            ctx = self._contextFactory(self.sslmethod)

            ctx.set_cipher_list(MOZILLA_INTERMEDIATE_CIPHERS)
            ctx.set_options(SSL.OP_CIPHER_SERVER_PREFERENCE)
            ctx.set_options(SSL.OP_NO_SSLv2)
            ctx.set_options(SSL.OP_NO_SSLv3)
            ctx.set_options(SSL.OP_NO_COMPRESSION)
            ctx.set_mode(SSL.MODE_RELEASE_BUFFERS)
            ctx.set_options(SSL.OP_ALL & ~SSL.OP_MICROSOFT_BIG_SSLV3_BUFFER)

            ctx.use_certificate_chain_file(self.certificateFileName)
            ctx.use_privatekey_file(self.privateKeyFileName)

            if self.dh_file:
                ctx.load_tmp_dh(self.dh_file)

            if self.require_peer_certs:
                # Require peer certs but only for use by
                # RequestHandlers
                ctx.set_verify(
                    SSL.VERIFY_PEER |
                    SSL.VERIFY_CLIENT_ONCE,
                    self._allow_peer)

            self._context = ctx 
开发者ID:mozilla-services,项目名称:autopush,代码行数:30,代码来源:ssl.py


注:本文中的OpenSSL.SSL.OP_NO_SSLv3方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。