@SECLEVEL=0 is necessary for TLS 1.1 and below to work, see https://github.com/pyca/cryptography/issues/9523
(
min_tls_version: net_tls.Version,
)
| 64 | |
| 65 | |
| 66 | def _default_ciphers( |
| 67 | min_tls_version: net_tls.Version, |
| 68 | ) -> tuple[str, ...]: |
| 69 | """ |
| 70 | @SECLEVEL=0 is necessary for TLS 1.1 and below to work, |
| 71 | see https://github.com/pyca/cryptography/issues/9523 |
| 72 | """ |
| 73 | if min_tls_version in net_tls.INSECURE_TLS_MIN_VERSIONS: |
| 74 | return _DEFAULT_CIPHERS_WITH_SECLEVEL_0 |
| 75 | else: |
| 76 | return _DEFAULT_CIPHERS |
| 77 | |
| 78 | |
| 79 | # 2022/05: X509_CHECK_FLAG_NEVER_CHECK_SUBJECT is not available in LibreSSL, ignore gracefully as it's not critical. |
no outgoing calls
no test coverage detected
searching dependent graphs…