Python ssl.PROTOCOL_TLSv1_1() Examples
The following are 9
code examples of ssl.PROTOCOL_TLSv1_1().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ssl
, or try the search function
.
.
Example #1
| Source File: int_ssl.py From pysslscan with GNU Lesser General Public License v3.0 | 6 votes |
|
def convert_version2method(protocol_version):
"""
Convert internal protocol version ID to Python SSL method.
:param Integer protocol_version: Version ID
:return: OpenSSL method or None if not found
:rtype: OpenSSL method or None
"""
if protocol_version == flextls.registry.version.SSLv2:
return ssl.PROTOCOL_SSLv2
if protocol_version == flextls.registry.version.SSLv3:
return ssl.PROTOCOL_SSLv3
if protocol_version == flextls.registry.version.TLSv10:
return ssl.PROTOCOL_TLSv1
if protocol_version == flextls.registry.version.TLSv11:
return ssl.PROTOCOL_TLSv1_1
if protocol_version == flextls.registry.version.TLSv12:
return ssl.PROTOCOL_TLSv1_2
return None
Example #2
| Source File: main.py From Seth with MIT License | 6 votes |
|
def get_ssl_version(sock):
# Seth behaves differently depeding on the TLS protocol
# https://bugs.python.org/issue31453
# This is an ugly hack (as if the rest of this wasn't...)
versions = [
ssl.PROTOCOL_TLSv1,
ssl.PROTOCOL_TLSv1_1,
ssl.PROTOCOL_TLSv1_2,
]
firstbytes = sock.recv(16, socket.MSG_PEEK)
try:
return versions[firstbytes[10]-1]
except IndexError:
print("Unexpected SSL version: %s" % hexlify(firstbytes))
return versions[-1]
# def launch_rdp_client():
# time.sleep(1)
# p = subprocess.Popen(
# ["xfreerdp",
# "/v:%s:%d" % (args.bind_ip, consts.RELAY_PORT),
# "/u:%s\\%s" % (domain, user),
# ],
# )
Example #3
| Source File: compatibility.py From ReadableWebProxy with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def get_default_ssl_version():
"""Get the highest support TLS version, if none is available, return None.
:rtype: bool|None
"""
if hasattr(ssl, 'PROTOCOL_TLSv1_2'):
return ssl.PROTOCOL_TLSv1_2
elif hasattr(ssl, 'PROTOCOL_TLSv1_1'):
return ssl.PROTOCOL_TLSv1_1
elif hasattr(ssl, 'PROTOCOL_TLSv1'):
return ssl.PROTOCOL_TLSv1
return None
Example #4
| Source File: test_rdp.py From heralding with GNU General Public License v3.0 | 5 votes |
|
def rdp_connect(self, ip_addr, port):
s = socket.socket()
s.connect((ip_addr, port))
s.sendall(RDPClient.ConnectionRequestPDU())
s.recv(1024)
tls = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1_1)
tls.sendall(RDPClient.ClientDataPDU())
tls.recv(4096)
tls.send(RDPClient.ErectDomainRequest())
tls.sendall(RDPClient.AttactUserRequest())
tls.recv(512)
tls.sendall(RDPClient.ChannelJoinRequest(1007))
tls.recv(1024)
tls.sendall(RDPClient.ChannelJoinRequest(1003))
tls.recv(1024)
tls.sendall(RDPClient.ClientInfoPDU())
res = b''
res = tls.recv(512)
if res != b'':
return False
return True
Example #5
| Source File: mqtt.py From aqara-mqtt with Apache License 2.0 | 5 votes |
|
def _get_tls_version(self,tlsString):
switcher = {
"tlsv1": ssl.PROTOCOL_TLSv1,
"tlsv1.1": ssl.PROTOCOL_TLSv1_1,
"tlsv1.2": ssl.PROTOCOL_TLSv1_2
}
return switcher.get(tlsString,ssl.PROTOCOL_TLSv1_2)
Example #6
| Source File: compatibility.py From amqpstorm with MIT License | 5 votes |
|
def get_default_ssl_version():
"""Get the highest support TLS version, if none is available, return None.
:rtype: bool,None
"""
if hasattr(ssl, 'PROTOCOL_TLSv1_2'):
return ssl.PROTOCOL_TLSv1_2
elif hasattr(ssl, 'PROTOCOL_TLSv1_1'):
return ssl.PROTOCOL_TLSv1_1
elif hasattr(ssl, 'PROTOCOL_TLSv1'):
return ssl.PROTOCOL_TLSv1
return None
Example #7
| Source File: configuration.py From mqttwarn with Eclipse Public License 2.0 | 4 votes |
|
def __init__(self, configuration_file, defaults=None):
defaults = defaults or {}
RawConfigParser.__init__(self)
f = codecs.open(configuration_file, 'r', encoding='utf-8')
self.read_file(f)
f.close()
''' set defaults '''
self.hostname = 'localhost'
self.port = 1883
self.username = None
self.password = None
self.clientid = None
self.lwt = None
self.skipretained = False
self.cleansession = False
self.protocol = 3
self.logformat = '%(asctime)-15s %(levelname)-8s [%(name)-25s] %(message)s'
self.logfile = None
self.loglevel = 'DEBUG'
self.functions = None
self.num_workers = 1
self.directory = '.'
self.ca_certs = None
self.tls_version = None
self.certfile = None
self.keyfile = None
self.tls_insecure = False
self.tls = False
self.__dict__.update(defaults)
self.__dict__.update(self.config('defaults'))
if HAVE_TLS == False:
logger.error("TLS parameters set but no TLS available (SSL)")
sys.exit(2)
if self.ca_certs is not None:
self.tls = True
if self.tls_version is not None:
if self.tls_version == 'tlsv1_2':
self.tls_version = ssl.PROTOCOL_TLSv1_2
if self.tls_version == 'tlsv1_1':
self.tls_version = ssl.PROTOCOL_TLSv1_1
if self.tls_version == 'tlsv1':
self.tls_version = ssl.PROTOCOL_TLSv1
if self.tls_version == 'sslv3':
self.tls_version = ssl.PROTOCOL_SSLv3
self.loglevelnumber = self.level2number(self.loglevel)
self.functions = load_functions(self.functions)
Example #8
| Source File: imaplib2.py From imapfw with MIT License | 4 votes |
|
def ssl_wrap_socket(self):
try:
import ssl
TLS_MAP = {}
if hasattr(ssl, "PROTOCOL_TLSv1_2"): # py3
TLS_MAP[TLS_SECURE] = {
"tls1_2": ssl.PROTOCOL_TLSv1_2,
"tls1_1": ssl.PROTOCOL_TLSv1_1,
}
else:
TLS_MAP[TLS_SECURE] = {}
TLS_MAP[TLS_NO_SSL] = TLS_MAP[TLS_SECURE].copy()
TLS_MAP[TLS_NO_SSL].update({
"tls1": ssl.PROTOCOL_TLSv1,
})
TLS_MAP[TLS_COMPAT] = TLS_MAP[TLS_NO_SSL].copy()
TLS_MAP[TLS_COMPAT].update({
"ssl23": ssl.PROTOCOL_SSLv23,
None: ssl.PROTOCOL_SSLv23,
})
if hasattr(ssl, "PROTOCOL_SSLv3"): # Might not be available.
TLS_MAP[TLS_COMPAT].update({
"ssl3": ssl.PROTOCOL_SSLv3
})
if self.ca_certs is not None:
cert_reqs = ssl.CERT_REQUIRED
else:
cert_reqs = ssl.CERT_NONE
if self.tls_level not in TLS_MAP:
raise RuntimeError("unknown tls_level: %s" % self.tls_level)
if self.ssl_version not in TLS_MAP[self.tls_level]:
raise socket.sslerror("Invalid SSL version '%s' requested for tls_version '%s'" % (self.ssl_version, self.tls_level))
ssl_version = TLS_MAP[self.tls_level][self.ssl_version]
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version)
ssl_exc = ssl.SSLError
self.read_fd = self.sock.fileno()
except ImportError:
# No ssl module, and socket.ssl has no fileno(), and does not allow certificate verification
raise socket.sslerror("imaplib SSL mode does not work without ssl module")
if self.cert_verify_cb is not None:
cert_err = self.cert_verify_cb(self.sock.getpeercert(), self.host)
if cert_err:
raise ssl_exc(cert_err)
# Allow sending of keep-alive messages - seems to prevent some servers
# from closing SSL, leading to deadlocks.
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
Example #9
| Source File: sonota.py From SonOTA with GNU General Public License v2.0 | 4 votes |
|
def stage2():
log.info("Starting stage2...")
app = make_app()
if not args.no_check_ip:
net_valid = False
conn_attempt = 0
# check if machine has <args.serving_host> being assigned on any iface
while True:
conn_attempt += 1
if args.serving_host in ip4ips():
break
else:
if conn_attempt == 1:
log.info("** The IP address of <serve_host> ({}) is not assigned "
"to any interface on this machine.".format(args.serving_host))
log.info(
"** Please change WiFi network to {} and make sure {} is "
"being assigned to your WiFi interface.".format(
args.wifi_ssid, args.serving_host))
log.info("** This application should be kept running "
"and will wait until connected to the WiFi...")
sleep(2)
print(".", end="", flush=True)
continue
log.info("~~ Starting web server (HTTP port: %s, HTTPS port %s)" % (
DEFAULT_PORT_HTTP, DEFAULT_PORT_HTTPS))
# Ensure ProactorEventLoop not used on windows (not yet release in latest tornado)
# https://github.com/python/pyperformance/pull/65/files
if sys.platform == 'win32' and sys.version_info[:2] == (3, 8):
import asyncio
asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())
if args.legacy:
old = make_app()
# listening on port 8081 for serving upgrade files for older devices
old.listen(8081)
# listening on port 8080 for serving upgrade files
app.listen(DEFAULT_PORT_HTTP)
app_ssl = tornado.httpserver.HTTPServer(app, ssl_options={
"certfile": resource_path("ssl/server.crt"),
"keyfile": resource_path("ssl/server.key"),
"ssl_version": ssl.PROTOCOL_TLSv1_1,
})
# listening on HTTPS port to catch initial POST request to eu-disp.coolkit.cc
app_ssl.listen(DEFAULT_PORT_HTTPS)
log.info("~~ Waiting for device to connect")
stage3thread = threading.Thread(target=stage3, daemon=True)
stage3thread.start()
tornado.ioloop.IOLoop.instance().start()
