MCPcopy Index your code
hub / github.com/mitmproxy/mitmproxy / _warn_seclevel_missing

Method _warn_seclevel_missing

mitmproxy/addons/tlsconfig.py:560–580  ·  view source on GitHub ↗

OpenSSL cipher spec need to specify @SECLEVEL for old TLS versions to work, see https://github.com/pyca/cryptography/issues/9523.

(self, side: Literal["client", "server"])

Source from the content-addressed store, hash-verified

558 )
559
560 def _warn_seclevel_missing(self, side: Literal["client", "server"]) -> None:
561 """
562 OpenSSL cipher spec need to specify @SECLEVEL for old TLS versions to work,
563 see https://github.com/pyca/cryptography/issues/9523.
564 """
565 if side == "client":
566 custom_ciphers = ctx.options.ciphers_client
567 min_tls_version = ctx.options.tls_version_client_min
568 else:
569 custom_ciphers = ctx.options.ciphers_server
570 min_tls_version = ctx.options.tls_version_server_min
571
572 if (
573 custom_ciphers
574 and net_tls.Version[min_tls_version] in net_tls.INSECURE_TLS_MIN_VERSIONS
575 and "@SECLEVEL=0" not in custom_ciphers
576 ):
577 logger.warning(
578 f'With tls_version_{side}_min set to {min_tls_version}, ciphers_{side} must include "@SECLEVEL=0" '
579 f"for insecure TLS versions to work."
580 )
581
582 def crl_path(self) -> str:
583 return f"/mitmproxy-{self.certstore.default_ca.serial}.crl"

Callers 1

configureMethod · 0.95

Calls

no outgoing calls

Tested by

no test coverage detected