Message 284822 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	alex, christian.heimes, dstufft, janssen
Date	2017-01-06.14:31:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1483713086.24.0.783691076522.issue27876@psf.upfronthosting.co.za>
In-reply-to

Content
PoC implementation: from enum import Enum import ssl OP_NO_TLSv1_3 = getattr(ssl, 'OP_NO_TLSv1_3', 0) OP_NO_FLAGS = [ ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv3, ssl.OP_NO_TLSv1, ssl.OP_NO_TLSv1_1, ssl.OP_NO_TLSv1_2, OP_NO_TLSv1_3 ] OP_NO_MASK = sum(OP_NO_FLAGS) class TLSVersions(Enum): SSLv2 = 'SSL 2.0', 0x0200, 0 SSLv3 = 'SSL 3.0', 0x0300, 1 TLSv1 = 'TLS 1.0', 0x0301, 2 TLSv1_1 = 'TLS 1.1', 0x0302, 3 TLSv1_2 = 'TLS 1.2', 0x0303, 4 if OP_NO_TLSv1_3: TLSv1_3 = 'TLS 1.3', 0x0304, 5 MAX = TLSv1_3 else: MAX = TLSv1_2 MIN = TLSv1 def __init__(self, prettyname, wireprotocol, offset): self.prettyname = prettyname self.wireprotocol = wireprotocol self.noflag = OP_NO_FLAGS[offset] self.minflag = sum(OP_NO_FLAGS[:offset]) self.maxflag = sum(OP_NO_FLAGS[offset+1:]) def __repr__(self): return ("<{0.__class__.__name__}.{0.name} " "({0.prettyname}, 0x{0.wireprotocol:x})>").format(self) __str__ = __repr__ class SSLContext(ssl.SSLContext): def set_version(self, minver=TLSVersions.MIN, maxver=TLSVersions.MAX): options = self.options & ~OP_NO_MASK self.options = options \| minver.minflag \| maxver.maxflag if __name__ == '__main__': for name, member in TLSVersions.__members__.items(): print(name, member) ctx = SSLContext(ssl.PROTOCOL_SSLv23) print(ctx.options) ctx.set_version(minver=TLSVersions.SSLv3, maxver=TLSVersions.TLSv1_1) print(ctx.options)

PoC implementation:

from enum import Enum
import ssl

OP_NO_TLSv1_3 = getattr(ssl, 'OP_NO_TLSv1_3', 0)

OP_NO_FLAGS = [
    ssl.OP_NO_SSLv2,
    ssl.OP_NO_SSLv3,
    ssl.OP_NO_TLSv1,
    ssl.OP_NO_TLSv1_1,
    ssl.OP_NO_TLSv1_2,
    OP_NO_TLSv1_3
]

OP_NO_MASK = sum(OP_NO_FLAGS)


class TLSVersions(Enum):
    SSLv2 = 'SSL 2.0', 0x0200, 0
    SSLv3 = 'SSL 3.0', 0x0300, 1
    TLSv1 = 'TLS 1.0', 0x0301, 2
    TLSv1_1 = 'TLS 1.1', 0x0302, 3
    TLSv1_2 = 'TLS 1.2', 0x0303, 4

    if OP_NO_TLSv1_3:
        TLSv1_3 = 'TLS 1.3', 0x0304, 5
        MAX = TLSv1_3
    else:
        MAX = TLSv1_2

    MIN = TLSv1

    def __init__(self, prettyname, wireprotocol, offset):
        self.prettyname = prettyname
        self.wireprotocol = wireprotocol
        self.noflag = OP_NO_FLAGS[offset]
        self.minflag = sum(OP_NO_FLAGS[:offset])
        self.maxflag = sum(OP_NO_FLAGS[offset+1:])

    def __repr__(self):
        return ("<{0.__class__.__name__}.{0.name} "
                "({0.prettyname}, 0x{0.wireprotocol:x})>").format(self)

    __str__ = __repr__


class SSLContext(ssl.SSLContext):
    def set_version(self, minver=TLSVersions.MIN, maxver=TLSVersions.MAX):
        options = self.options & ~OP_NO_MASK
        self.options = options | minver.minflag | maxver.maxflag


if __name__ == '__main__':
    for name, member in TLSVersions.__members__.items():
        print(name, member)

    ctx = SSLContext(ssl.PROTOCOL_SSLv23)
    print(ctx.options)
    ctx.set_version(minver=TLSVersions.SSLv3, maxver=TLSVersions.TLSv1_1)
    print(ctx.options)

History
Date	User	Action	Args
2017-01-06 14:31:26	christian.heimes	set	recipients: + christian.heimes, janssen, alex, dstufft
2017-01-06 14:31:26	christian.heimes	set	messageid: <1483713086.24.0.783691076522.issue27876@psf.upfronthosting.co.za>
2017-01-06 14:31:26	christian.heimes	link	issue27876 messages
2017-01-06 14:31:25	christian.heimes	create