enable ECDHE ciphers

Mark Haines 2014-09-01 22:29:31 +01:00
parent 270d302834
commit 79650f795f
1 changed files with 6 additions and 0 deletions


@ -1,5 +1,6 @@
from twisted.internet import reactor, ssl from twisted.internet import reactor, ssl
from OpenSSL import SSL from OpenSSL import SSL
from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName
class ServerContextFactory(ssl.ContextFactory): class ServerContextFactory(ssl.ContextFactory):
@ -12,6 +13,11 @@ class ServerContextFactory(ssl.ContextFactory):
@staticmethod @staticmethod
def configure_context(context, config): def configure_context(context, config):
try:
_ecCurve = _OpenSSLECCurve(_defaultCurveName)
_ecCurve.addECKeyToContext(context)
except:
pass
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
context.use_certificate(config.tls_certificate) context.use_certificate(config.tls_certificate)
context.use_privatekey(config.tls_private_key) context.use_privatekey(config.tls_private_key)
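Review bot: The bare `except: pass` around the new curve setup in `configure_context` hides every failure, so if `_OpenSSLECCurve(_defaultCurveName)` or `addECKeyToContext(context)` raises, the server most likely starts without an ECDH key and clients silently lose the ECDHE suites this commit is meant to enable. Narrow the handler and record the fallback, e.g. `except Exception:` followed by `logger.warning("ECDH curve setup failed; ECDHE cipher suites unavailable", exc_info=True)`; this assumes a module-level logger, which the hunk does not show. The new import of the underscore-prefixed names from `twisted.internet._sslverify` also sits outside the `try`, so a Twisted release that lacks or renames these private helpers would fail at module import instead of falling back; moving that import inside the `try` would keep the degradation path consistent. The body of `configure_context` appears to continue past the end of the hunk.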