diff options
author | Cory Benfield <lukasaoz@gmail.com> | 2016-08-15 14:50:51 +0100 |
---|---|---|
committer | Cory Benfield <lukasaoz@gmail.com> | 2016-08-15 14:50:51 +0100 |
commit | 4a15efa7c954abfd6575591c0504265d2703b446 (patch) | |
tree | 7af81d3c6a44e01bf677650659adc2c22a5cb8f1 | |
parent | 86d5e24639e91a5d30511833bf6b04daba792180 (diff) | |
download | urllib3-4a15efa7c954abfd6575591c0504265d2703b446.tar.gz |
Split ciphers up to individual lines.
-rw-r--r-- | urllib3/util/ssl_.py | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/urllib3/util/ssl_.py b/urllib3/util/ssl_.py index 2baf0b5f..1aa46d81 100644 --- a/urllib3/util/ssl_.py +++ b/urllib3/util/ssl_.py @@ -67,11 +67,27 @@ except ImportError: # - prefer AES-GCM over ChaCha20 because hardware-accelerated AES is common, # - use 3DES as fallback which is secure but slow, # - disable NULL authentication, MD5 MACs and DSS for security reasons. -DEFAULT_CIPHERS = ( - 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:' - 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:' - 'RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:!eNULL:!MD5' -) +DEFAULT_CIPHERS = ':'.join([ + 'ECDH+AESGCM', + 'ECDH+CHACHA20', + 'DH+AESGCM', + 'DH+CHACHA20', + 'ECDH+AES256', + 'DH+AES256', + 'ECDH+AES128', + 'DH+AES', + 'ECDH+HIGH', + 'DH+HIGH', + 'ECDH+3DES', + 'DH+3DES', + 'RSA+AESGCM', + 'RSA+AES', + 'RSA+HIGH', + 'RSA+3DES', + '!aNULL', + '!eNULL', + '!MD5', +]) try: from ssl import SSLContext # Modern SSL? |