author | Donald Stufft <donald@stufft.io> | 2015-04-29 20:16:19 -0400 |
---|---|---|
committer | Donald Stufft <donald@stufft.io> | 2015-05-08 17:26:18 -0400 |
commit | 2f2adf2308e563dfa80fc48d3d09674edf3a2b8d (patch) | |
tree | 4356c9cd0065efc8e4dff07ef1e9575d12422755 /pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py | |
parent | 3c7325647f5d5b2f18303b54c855df902609d035 (diff) | |
download | pip-2f2adf2308e563dfa80fc48d3d09674edf3a2b8d.tar.gz |
Upgrade requests to 2.7.0
Diffstat (limited to 'pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py')
-rw-r--r-- | pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py | 23 |
1 files changed, 4 insertions, 19 deletions
diff --git a/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py b/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py
index ee657fb3f..b2c34a892 100644
--- a/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py
+++ b/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py
@@ -38,8 +38,6 @@ Module Variables
 ----------------
 :var DEFAULT_SSL_CIPHER_LIST: The list of supported SSL/TLS cipher suites.
- Default: ``ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:
- ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS``
 .. _sni: https://en.wikipedia.org/wiki/Server_Name_Indication
 .. _crime attack: https://en.wikipedia.org/wiki/CRIME_(security_exploit)
@@ -85,22 +83,7 @@ _openssl_verify = {
 + OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
 }
-# A secure default.
-# Sources for more information on TLS ciphers:
-#
-# - https://wiki.mozilla.org/Security/Server_Side_TLS
-# - https://www.ssllabs.com/projects/best-practices/index.html
-# - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-#
-# The general intent is:
-# - Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE),
-# - prefer ECDHE over DHE for better performance,
-# - prefer any AES-GCM over any AES-CBC for better performance and security,
-# - use 3DES as fallback which is secure but slow,
-# - disable NULL authentication, MD5 MACs and DSS for security reasons.
-DEFAULT_SSL_CIPHER_LIST = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:" + \
- "ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:" + \
- "!aNULL:!MD5:!DSS"
+DEFAULT_SSL_CIPHER_LIST = util.ssl_.DEFAULT_CIPHERS
 orig_util_HAS_SNI = util.HAS_SNI
@@ -299,7 +282,9 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
 try:
 cnx.do_handshake()
 except OpenSSL.SSL.WantReadError:
- select.select([sock], [], [])
+ rd, _, _ = select.select([sock], [], [], sock.gettimeout())
+ if not rd:
+ raise timeout('select timed out')
 continue
 except OpenSSL.SSL.Error as e:
 raise ssl.SSLError('bad handshake', e) |