[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA
tiran
freeipa-github-notification at redhat.com
Thu Jan 5 14:44:35 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
tiran commented:
"""
```
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.options = ssl.OP_ALL | ssl.OP_NO_COMPRESSION | ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
try:
# use Fedora crypto policy
# https://fedoraproject.org/wiki/Changes/CryptoPolicy
ctx.set_ciphers("PROFILE=SYSTEM")
except ssl.SSLError:
# high ciphers without RC4, MD5, TripleDES, pre-shared key and secure remote password
ctx.set_ciphers("HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!PSK:!SRP")
```
"""
See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecomment-270659921
More information about the Freeipa-devel
mailing list