Add ability to configure TLS protocol version.

add configuration option tls_version Related to https://python-nbxmpp.gajim.org/ticket/17
2014-01-27 16:31:08 +01:00 · 2014-01-27 16:31:08 +01:00 · bb7442b580
commit bb7442b580
parent 02df78c9d8
2 changed files with 4 additions and 1 deletions
--- a/src/common/config.py
+++ b/src/common/config.py
@ -349,6 +349,7 @@ class Config:
                    'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')],
                    'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')],
                    'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
+                    'tls_version': [ opt_str, '1.0', '' ],
                    'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
                    'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
                    'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
--- a/src/common/connection.py
+++ b/src/common/connection.py
@ -1252,9 +1252,11 @@ class Connection(CommonConnection, ConnectionHandlers):
            if not os.path.exists(cacerts):
                cacerts = ''
            mycerts = common.gajim.MY_CACERTS
+            tls_version = gajim.config.get_per('accounts', self.name,
+                'tls_version')
            cipher_list = gajim.config.get_per('accounts', self.name,
                'cipher_list')
-            secure_tuple = (self._current_type, cacerts, mycerts, cipher_list)
+            secure_tuple = (self._current_type, cacerts, mycerts, tls_version, cipher_list)

            con = nbxmpp.NonBlockingClient(
                domain=self._hostname,