Re: [Pythomnic3k-questions] SSL
Brought to you by:
targeted
Menu
▾
▴
Re: [Pythomnic3k-questions] SSL
|
From: Dmitry D. <dm...@ta...> - 2015-03-05 14:41:06
|
Hello,
There is no configuration for that in current version.
As a quick fix, copy protocol_tcp.py from /.shared into /yourcage
then patch the copy from
---------------------
def _wrap_socket(s, *, ciphers, **kwargs):
if wrap_socket_has_ciphers:
return wrap_socket(s, ciphers = ciphers, **kwargs)
....
---------------------
into
---------------------
def _wrap_socket(s, *, ciphers, **kwargs):
kwargs["ssl_version"] = ssl.PROTOCOL_TLSv1
if wrap_socket_has_ciphers:
return wrap_socket(s, ciphers = ciphers, **kwargs)
....
---------------------
You can also play with ssl_ciphers parameter in interface/resource
configuration file to exclude all SSLv3 ciphersuites, although this
is crude and will only leave you with TLSv12 ciphers as per
http://security.stackexchange.com/a/70842
Sincerely,
Dmitry Dvoinikov
04.03.2015 3:58, John Pettit ?????:
> Hello
>
> How would I
>
> "This server is vulnerable to the POODLE attack. If possible, disable
> SSL 3 to mitigate."
>
> In our pythomnic stack?
>
> Regards
>
> JP
>
|
