mirror of
https://github.com/home-assistant/core.git
synced 2025-07-23 21:27:38 +00:00
Don't be so strict client-side (#15546)
This commit is contained in:
parent
dfe17491f8
commit
4650366f07
@ -6,21 +6,14 @@ import certifi
|
|||||||
|
|
||||||
def client_context():
|
def client_context():
|
||||||
"""Return an SSL context for making requests."""
|
"""Return an SSL context for making requests."""
|
||||||
context = _get_context()
|
context = ssl.create_default_context(
|
||||||
context.verify_mode = ssl.CERT_REQUIRED
|
purpose=ssl.Purpose.SERVER_AUTH,
|
||||||
context.check_hostname = True
|
cafile=certifi.where()
|
||||||
context.load_verify_locations(cafile=certifi.where(), capath=None)
|
)
|
||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
def server_context():
|
def server_context():
|
||||||
"""Return an SSL context for being a server."""
|
|
||||||
context = _get_context()
|
|
||||||
context.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
return context
|
|
||||||
|
|
||||||
|
|
||||||
def _get_context():
|
|
||||||
"""Return an SSL context following the Mozilla recommendations.
|
"""Return an SSL context following the Mozilla recommendations.
|
||||||
|
|
||||||
TLS configuration follows the best-practice guidelines specified here:
|
TLS configuration follows the best-practice guidelines specified here:
|
||||||
@ -31,7 +24,8 @@ def _get_context():
|
|||||||
|
|
||||||
context.options |= (
|
context.options |= (
|
||||||
ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 |
|
ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 |
|
||||||
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
|
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 |
|
||||||
|
ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||||
)
|
)
|
||||||
if hasattr(ssl, 'OP_NO_COMPRESSION'):
|
if hasattr(ssl, 'OP_NO_COMPRESSION'):
|
||||||
context.options |= ssl.OP_NO_COMPRESSION
|
context.options |= ssl.OP_NO_COMPRESSION
|
||||||
|
Loading…
x
Reference in New Issue
Block a user