(
*,
method: Method,
min_version: Version,
max_version: Version,
cipher_list: Iterable[str] | None,
ecdh_curve: EllipticCurve | None,
)
def _create_ssl_context(
    *,
    method: Method,
    min_version: Version,
    max_version: Version,
    cipher_list: Iterable[str] | None,
    ecdh_curve: EllipticCurve | None,
) -> SSL.Context:
    """Build an ``SSL.Context`` restricted to the requested TLS configuration.

    Args:
        method: Object whose ``.value`` is handed to ``SSL.Context``.
        min_version: Lowest protocol version to allow; its ``.value`` is passed
            to ``SSL_CTX_set_min_proto_version``.
        max_version: Highest protocol version to allow; its ``.value`` is passed
            to ``SSL_CTX_set_max_proto_version``.
        cipher_list: Cipher names, joined with ``:`` and passed to
            ``set_cipher_list``. ``None`` leaves the cipher list untouched.
        ecdh_curve: Curve passed to ``set_tmp_ecdh``. ``None`` skips the call.

    Returns:
        The configured context.

    Raises:
        RuntimeError: If the version bounds are not accepted, if the curve is
            rejected with ``ValueError``, or if the cipher string is rejected
            with ``SSL.Error``.

    Nothing in this function compares ``min_version`` with ``max_version``;
    callers are responsible for passing a sensible range.
    """
    context = SSL.Context(method.value)

    # NOTE(review): both calls go through the private `SSL._lib` and
    # `context._context` attributes, which may change between library
    # releases; the `# type: ignore` markers hide that from the type checker.
    min_ok = SSL._lib.SSL_CTX_set_min_proto_version(context._context, min_version.value)  # type: ignore
    max_ok = SSL._lib.SSL_CTX_set_max_proto_version(context._context, max_version.value)  # type: ignore
    # Both setters are always called; the pair counts as successful only when
    # the two results add up to 2. Failing here keeps a context with
    # unrestricted protocol versions from being returned.
    if min_ok + max_ok != 2:
        raise RuntimeError(
            f"Error setting TLS versions ({min_version=}, {max_version=}). "
            "The version you specified may be unavailable in your libssl."
        )

    # DEFAULT_OPTIONS is defined elsewhere in the module; whatever hardening
    # the context gets from option flags depends entirely on that value.
    context.set_options(DEFAULT_OPTIONS)

    # Curve used for ECDHE key exchange, applied only when one was requested.
    if ecdh_curve is not None:
        try:
            context.set_tmp_ecdh(ecdh_curve)
        except ValueError as err:
            raise RuntimeError(f"Elliptic curve specification error: {err}") from err

    # NOTE(review): in OpenSSL the cipher-list string governs TLS 1.2 and
    # below; TLS 1.3 suites are configured through a separate setting.
    # Confirm whether callers expect `cipher_list` to restrict TLS 1.3 too.
    if cipher_list is not None:
        try:
            cipher_spec = b":".join(x.encode() for x in cipher_list)
            context.set_cipher_list(cipher_spec)
        except SSL.Error as err:
            raise RuntimeError(f"SSL cipher specification error: {err}") from err

    # SSLKEYLOGFILE support: `log_master_secret` is a module-level name not
    # shown in this block. When it is truthy, every context built here hands
    # its session secrets to that callback, and whoever can read the output
    # can decrypt captured traffic. Keep it to debugging and protect the file.
    if log_master_secret:
        context.set_keylog_callback(log_master_secret)

    return context
| 191 | @lru_cache(256) |