Commit 91c69613 authored by Michael Hanselmann's avatar Michael Hanselmann

Allow SSL ciphers to be overridden in HTTP server

Users of this class, such as the RAPI server, might want to override or adjust
the default SSL cipher defined in a constant.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent 5b27346a
......@@ -595,7 +595,10 @@ class HttpBase(object):
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
ctx.set_options(OpenSSL.SSL.OP_NO_SSLv2)
ctx.set_cipher_list(constants.OPENSSL_CIPHERS)
ciphers = self.GetSslCiphers()
logging.debug("Setting SSL cipher string %s", ciphers)
ctx.set_cipher_list(ciphers)
ctx.use_privatekey(self._ssl_key)
ctx.use_certificate(self._ssl_cert)
......@@ -608,6 +611,12 @@ class HttpBase(object):
return OpenSSL.SSL.Connection(ctx, sock)
def GetSslCiphers(self):
"""Returns the ciphers string for SSL.
"""
return constants.OPENSSL_CIPHERS
def _SSLVerifyCallback(self, conn, cert, errnum, errdepth, ok):
"""Verify the certificate provided by the peer
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment