From 91c69613c08a169f90e6341164659f33da8ff40e Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Fri, 10 Sep 2010 13:14:04 +0200
Subject: [PATCH] Allow SSL ciphers to be overridden in HTTP server

Users of this class, such as the RAPI server, might want to override or adjust
the default SSL cipher defined in a constant.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
 lib/http/__init__.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/http/__init__.py b/lib/http/__init__.py
index a42c496ef..1e39f2197 100644
--- a/lib/http/__init__.py
+++ b/lib/http/__init__.py
@@ -595,7 +595,10 @@ class HttpBase(object):
 
     ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
     ctx.set_options(OpenSSL.SSL.OP_NO_SSLv2)
-    ctx.set_cipher_list(constants.OPENSSL_CIPHERS)
+
+    ciphers = self.GetSslCiphers()
+    logging.debug("Setting SSL cipher string %s", ciphers)
+    ctx.set_cipher_list(ciphers)
 
     ctx.use_privatekey(self._ssl_key)
     ctx.use_certificate(self._ssl_cert)
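Review bot: The string returned by `self.GetSslCiphers()` goes to `ctx.set_cipher_list(ciphers)` unchecked, so a subclass override that returns an empty or overly permissive string changes the server's TLS posture, and the only trace is a debug-level message. Where overrides will get their value is not visible here; if it can come from configuration, a non-default value should be visible at normal log levels, e.g. `if ciphers != constants.OPENSSL_CIPHERS: logging.info("Using non-default SSL cipher string %s", ciphers)`. Rejecting an empty result before the context is configured would also make a misconfigured override fail with a clear message rather than an OpenSSL error. The enclosing method starts and ends outside this hunk, so any existing error handling around the context setup is not visible.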
@@ -608,6 +611,12 @@ class HttpBase(object):
 
     return OpenSSL.SSL.Connection(ctx, sock)
 
+  def GetSslCiphers(self):
+    """Returns the ciphers string for SSL.
+
+    """
+    return constants.OPENSSL_CIPHERS
+
   def _SSLVerifyCallback(self, conn, cert, errnum, errdepth, ok):
     """Verify the certificate provided by the peer
 
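Review bot: The docstring on `GetSslCiphers` does not say that the method is an override hook or what a subclass must return. I would expand it to something like `"""Returns the OpenSSL cipher list string used for SSL connections.` followed by a sentence stating that subclasses may override it and that the result is passed unchanged to `set_cipher_list`, so it must be a valid, non-empty OpenSSL cipher string. Naming `constants.OPENSSL_CIPHERS` as the default there would also tell implementers what baseline they are tightening or loosening.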
-- 
GitLab