From ab0cd00c12624b07dcc3b2d62aa96f8f1e658f65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Szulik?=
Date: Tue, 6 Aug 2019 19:18:41 +0200
Subject: [PATCH] feat(utils): extend create_tcp_connection utility (#568)

Add parameters to setup SSL context options and ciphers when playing with
secure connection. It can be set via a handler:

```
class MySequentialThreadingHandler(SequentialThreadingHandler):
    def create_connection(self, *args, **kwargs):
        return create_tcp_connection(socket, options=MY_OPTIONS, ciphers=MY_CIPHERS, *args, **kwargs)
```
---
 kazoo/handlers/utils.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/kazoo/handlers/utils.py b/kazoo/handlers/utils.py
index bd1b92ef..fa561fe0 100644
--- a/kazoo/handlers/utils.py
+++ b/kazoo/handlers/utils.py
@@ -191,7 +191,7 @@ def create_tcp_socket(module):
 def create_tcp_connection(module, address, timeout=None,
                           use_ssl=False, ca=None, certfile=None,
                           keyfile=None, keyfile_password=None,
-                          verify_certs=True):
+                          verify_certs=True, options=None, ciphers=None):
     end = None
     if timeout is None:
         # thanks to create_connection() developers for
@@ -211,8 +211,16 @@ def create_tcp_connection(module, address, timeout=None,
     if use_ssl:
         # Disallow use of SSLv2 and V3 (meaning we require TLSv1.0+)
         context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        context.options |= ssl.OP_NO_SSLv2
-        context.options |= ssl.OP_NO_SSLv3
+
+        if options is not None:
+            context.options = options
+        else:
+            context.options |= ssl.OP_NO_SSLv2
+            context.options |= ssl.OP_NO_SSLv3
+
+        if ciphers:
+            context.set_ciphers(ciphers)
+
         # Load default CA certs
         context.load_default_certs(ssl.Purpose.SERVER_AUTH)
         context.verify_mode = (
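Review bot: The two new parameters `options` and `ciphers` added to the signature are undocumented, and create_tcp_connection has no docstring at all (the body starts straight at `end = None`), so a caller cannot tell what type either value takes or what it overrides without reading the SSL branch further down. I would add a docstring after the signature that names each parameter, states that `options` is an `ssl.OP_*` bitmask which, when given, is assigned to the SSLContext instead of the default SSLv2/SSLv3 exclusions, and that `ciphers` is an OpenSSL cipher-list string handed to `SSLContext.set_ciphers`, which raises `ssl.SSLError` if no listed cipher is available. The function body continues outside the hunk.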
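Review bot: `context.options = options` replaces every option flag on the context rather than adding to them, so a caller who passes a single extra flag silently drops the SSLv2/SSLv3 prohibition that the comment two lines above still promises, along with whatever protocol defaults the interpreter's ssl module had set on the PROTOCOL_SSLv23 context. Keeping the floor and letting callers only tighten it is the safer contract: `context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` followed by `if options is not None: context.options |= options`, which also makes the existing comment true again. If wholesale replacement is deliberate, the comment should say that the defaults are bypassed when `options` is supplied, since that is the one place a reader will look. The `set_ciphers` branch is fine as written because an unusable cipher string fails at context setup rather than at handshake. create_tcp_connection continues outside the hunk.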