From 59b5ac3a61fcfb1fd55812198ffe208243c3c160 Mon Sep 17 00:00:00 2001
From: Peter Surda
Date: Sat, 14 Jan 2017 17:47:57 +0100
Subject: [PATCH] OpenSSL 1.1.0 compatibility fixes
- function check missed 1.1.0 release
- TLS didn't work with anonymous ciphers
---
 src/protocol.py | 6 ++++++
 src/pyelliptic/openssl.py | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/protocol.py b/src/protocol.py
index ae04740b..3a3ccebe 100644
--- a/src/protocol.py
+++ b/src/protocol.py
@@ -495,3 +495,9 @@ else:
 # this means TLSv1, there is no way to set "TLSv1 or higher" or
 # "TLSv1.2" in < 2.7.9
 sslProtocolVersion = ssl.PROTOCOL_TLSv1
+
+# ciphers
+if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000
+ sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
+else:
+ sslProtocolCiphers = "AECDH-AES256-SHA"
diff --git a/src/pyelliptic/openssl.py b/src/pyelliptic/openssl.py
index db9e7d24..a26339ce 100644
--- a/src/pyelliptic/openssl.py
+++ b/src/pyelliptic/openssl.py
@@ -170,7 +170,7 @@ class _OpenSSL:
 self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
- if self._hexversion > 0x10100000:
+ if self._hexversion >= 0x10100000:
 self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
 self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
 self._lib.EC_KEY_OpenSSL.argtypes = []
@@ -250,7 +250,7 @@ class _OpenSSL:
 self.EVP_rc4.restype = ctypes.c_void_p
 self.EVP_rc4.argtypes = []
- if self._hexversion > 0x10100000:
+ if self._hexversion >= 0x10100000:
 self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
 self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
 self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
@@ -306,7 +306,7 @@ class _OpenSSL:
 self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
- if self._hexversion > 0x10100000:
+ if self._hexversion >= 0x10100000:
 self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
 self.EVP_MD_CTX_new.restype = ctypes.c_void_p
 self.EVP_MD_CTX_new.argtypes = []
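Review bot: The added `if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000` line in src/protocol.py has no trailing colon, so as shown the module would fail to import with a SyntaxError; it should read `if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:`. Separately, `AECDH-AES256-SHA` is an anonymous key-exchange suite, so a session negotiated with it encrypts the link but does not authenticate the peer. The `@SECLEVEL=0` suffix lowers OpenSSL's security level for whatever context the string is applied to, not only for this one suite. A comment above the assignment should record that both are deliberate, for example `# anonymous ECDH: no peer authentication; SECLEVEL=0 lets OpenSSL >= 1.1.0 accept it`, so the string is not reused where an authenticated channel is expected. The if/elif/else chain that this block follows starts outside the hunk.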
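Review bot: The gates for `EC_KEY_OpenSSL`, `EVP_CIPHER_CTX_reset` and `EVP_MD_CTX_new` in src/pyelliptic/openssl.py (this hunk and the two after it) each repeat the literal `0x10100000`, so the same comparison has to be kept correct in three places. Computing it once, for example `has_110_api = self._hexversion >= 0x10100000`, and testing that name would keep them in step. The version number is also only a proxy for the symbols being exported: if `_hexversion` comes from a library that reports a higher number without the 1.1.0 functions (LibreSSL, for example, reports 0x20000000), the `self._lib.…` attribute lookup raises AttributeError while the wrapper is loading. Probing with `hasattr(self._lib, "EVP_MD_CTX_new")` would be the sturdier check. The enclosing method starts and ends outside these hunks, so how `_hexversion` is obtained is not visible here.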