caucase.http: Silence ssl.OP_NO_{SSL,TLS}* deprecation warning.

37e6a4f7 · Vincent Pelletier · 5af60b32 · 37e6a4f7
Commit 37e6a4f7 authored Jul 07, 2022 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

caucase/http.py caucase/http.py +8 -2

No files found.
--- a/caucase/http.py
+++ b/caucase/http.py
@@ -279,6 +279,8 @@ def startServerThread(server):
  server_thread.daemon = True
  server_thread.start()

+TLSVersion = getattr(ssl, 'TLSVersion', None)
+
 def getSSLContext(
  key_len,
  threshold,
@@ -299,8 +301,12 @@ def getSSLContext(
  # SSL is used for client authentication, and is only required for very few
  # users on any given caucased. So make ssl_context even stricter than python
  # does.
-  # No TLSv1 and TLSv1.1, leaving (currently) only TLSv1.2
-  ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+  # No TLSv1 and TLSv1.1
+  if TLSVersion is None: # pragma: no cover
+    # BBB: py<3.7
+    ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+  else: # pragma: no cover
+    ssl_context.minimum_version = TLSVersion.TLSv1_2

  # If a client wishes to use https for unauthenticated operations, that's
  # fine too.