feat(utils): extend create_tcp_connection utility (#568)

Add parameters to setup SSL context options and ciphers when playing with secure connection. It can be set via a handler: ``` class MySequentialThreadingHandler(SequentialThreadingHandler): def create_connection(self, *args, **kwargs): return create_tcp_connection(socket, options=MY_OPTIONS, ciphers=MY_CIPHERS, *args, **kwargs) ```
python-zk · Aug 6, 2019 · ab0cd00 · ab0cd00
1 parent 88b657a
commit ab0cd00
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/kazoo/handlers/utils.py b/kazoo/handlers/utils.py
@@ -191,7 +191,7 @@ def create_tcp_socket(module):
 def create_tcp_connection(module, address, timeout=None,
                           use_ssl=False, ca=None, certfile=None,
                           keyfile=None, keyfile_password=None,
-                          verify_certs=True):
+                          verify_certs=True, options=None, ciphers=None):
     end = None
     if timeout is None:
         # thanks to create_connection() developers for
@@ -211,8 +211,16 @@ def create_tcp_connection(module, address, timeout=None,
         if use_ssl:
             # Disallow use of SSLv2 and V3 (meaning we require TLSv1.0+)
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-            context.options |= ssl.OP_NO_SSLv2
-            context.options |= ssl.OP_NO_SSLv3
+
+            if options is not None:
+                context.options = options
+            else:
+                context.options |= ssl.OP_NO_SSLv2
+                context.options |= ssl.OP_NO_SSLv3
+
+            if ciphers:
+                context.set_ciphers(ciphers)
+
             # Load default CA certs
             context.load_default_certs(ssl.Purpose.SERVER_AUTH)
             context.verify_mode = (