Workaround waiting that we regenerate more secure certificates

Traceback (most recent call last): ... File "/usr/lib/python3.7/http/client.py", line 1376, in __init__ context.load_cert_chain(cert_file, key_file) ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3824)

Workaround waiting that we regenerate more secure certificates
Traceback (most recent call last): ... File "/usr/lib/python3.7/http/client.py", line 1376, in __init__ context.load_cert_chain(cert_file, key_file) ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3824)
ab3b2c3b · Julien Muchembled · d20a99e3 · ab3b2c3b
Commit ab3b2c3b authored Jun 18, 2019 by Julien Muchembled
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

slapos/libnetworkcache.py slapos/libnetworkcache.py +2 -0

No files found.
--- a/slapos/libnetworkcache.py
+++ b/slapos/libnetworkcache.py
@@ -196,9 +196,11 @@ class NetworkcacheClient(object):
      connection_kw['cert_file'] = self.config['sha%s-cert-file' % where]
      connection_kw['key_file'] = self.config['sha%s-key-file' % where]
      if hasattr(ssl, 'create_default_context'):
+        context = \
        connection_kw['context'] = ssl.create_default_context(
          cafile=self.config.get('sha%s-ca-file' % where)
        )
+        context.set_ciphers('DEFAULT:@SECLEVEL=1') # XXX
      connection = HTTPSConnection(**connection_kw)
    else:
      connection = HTTPConnection(**connection_kw)