Add ability to configure TLS protocol version.

add configuration option tls_version

Related to
https://python-nbxmpp.gajim.org/ticket/17
This commit is contained in:
Fedor Brunner 2014-01-27 16:31:08 +01:00
parent dcf1c33cc1
commit d7c8bdc8c4
2 changed files with 4 additions and 1 deletions

View File

@ -349,6 +349,7 @@ class Config:
'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')], 'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')],
'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')], 'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')],
'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')], 'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
'tls_version': [ opt_str, '1.0', '' ],
'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ], 'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ], 'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ], 'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],

View File

@ -1239,9 +1239,11 @@ class Connection(CommonConnection, ConnectionHandlers):
if not os.path.exists(cacerts): if not os.path.exists(cacerts):
cacerts = '' cacerts = ''
mycerts = common.gajim.MY_CACERTS mycerts = common.gajim.MY_CACERTS
tls_version = gajim.config.get_per('accounts', self.name,
'tls_version')
cipher_list = gajim.config.get_per('accounts', self.name, cipher_list = gajim.config.get_per('accounts', self.name,
'cipher_list') 'cipher_list')
secure_tuple = (self._current_type, cacerts, mycerts, cipher_list) secure_tuple = (self._current_type, cacerts, mycerts, tls_version, cipher_list)
con = nbxmpp.NonBlockingClient( con = nbxmpp.NonBlockingClient(
domain=self._hostname, domain=self._hostname,