| 44 | ] |
| 45 | |
def createSslContexts(self):
    """Build the client and server TLS contexts and store them on the instance.

    Sets ``self.context_client`` and ``self.context_server``. The server
    context loads its certificate chain from ``self.cert_pem`` and
    ``self.key_pem``; an error from that call propagates to the caller.

    Security notes:
      * The client context turns off hostname checking and certificate
        verification, so it encrypts the channel but does not authenticate
        the peer's certificate.
        NOTE(review): peer identity presumably has to be established by
        another layer; confirm against the callers.
      * No minimum protocol version is set here. With ``PROTOCOL_TLS`` the
        lowest version accepted is whatever the ssl module and its TLS
        library default to.
      * ``set_ciphers`` governs TLS 1.2 and below; TLS 1.3 suites are not
        controlled by this string.
    """
    # Two positive groups: ECDHE AEAD suites first, then the RSA key-exchange
    # CBC suites AES128-SHA256 / AES256-SHA, which offer no forward secrecy
    # (presumably kept for older peers; TODO confirm). The "!" entries
    # exclude the listed classes outright.
    cipher_spec = (
        "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:"
        "!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK"
    )

    # Use the version-negotiating method when the ssl module has it,
    # otherwise pin the context to TLS 1.2.
    protocol = ssl.PROTOCOL_TLS if hasattr(ssl, "PROTOCOL_TLS") else ssl.PROTOCOL_TLSv1_2

    # Outgoing side: check_hostname is cleared before verify_mode is lowered
    # (same order as before); the peer certificate is accepted unverified.
    client_ctx = self.context_client = ssl.SSLContext(protocol)
    client_ctx.check_hostname = False
    client_ctx.verify_mode = ssl.CERT_NONE

    # Incoming side: published on self before the key material is loaded,
    # so a load failure leaves an unconfigured server context behind.
    server_ctx = self.context_server = ssl.SSLContext(protocol)
    server_ctx.load_cert_chain(self.cert_pem, self.key_pem)

    advertised = ["h2", "http/1.1"]
    for tls_ctx in (client_ctx, server_ctx):
        tls_ctx.set_ciphers(cipher_spec)
        # Disable TLS-level compression on both contexts.
        tls_ctx.options = tls_ctx.options | ssl.OP_NO_COMPRESSION
        try:
            tls_ctx.set_alpn_protocols(advertised)
            tls_ctx.set_npn_protocols(advertised)
        except Exception:
            # Best effort: any failure is ignored without logging, and a
            # failure in the ALPN call also skips the NPN call.
            pass
| 69 | |
| 70 | # Select a crypt that is supported by both sides |
| 71 | # Return: Name of the crypto |