diff --git a/src/class_receiveDataThread.py b/src/class_receiveDataThread.py index 059bce87..582ac5b4 100644 --- a/src/class_receiveDataThread.py +++ b/src/class_receiveDataThread.py @@ -265,8 +265,10 @@ class receiveDataThread(threading.Thread): self.connectionIsOrWasFullyEstablished = True self.sslSock = self.sock - if (self.services & shared.NODE_SSL == shared.NODE_SSL): + if (self.services & shared.NODE_SSL == shared.NODE_SSL and (self.initiatedConnection or sys.version_info >= (2, 7, 9))): self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA') + if hasattr(self.sslSock, "context"): + self.sslSock.context.set_ecdh_curve("secp256k1") while True: try: self.sslSock.do_handshake() diff --git a/src/shared.py b/src/shared.py index 6f6d5a1c..4265062d 100644 --- a/src/shared.py +++ b/src/shared.py @@ -148,7 +148,8 @@ def encodeHost(host): def assembleVersionMessage(remoteHost, remotePort, myStreamNumber): payload = '' payload += pack('>L', 3) # protocol version. - payload += pack('>q', NODE_NETWORK|NODE_SSL) # bitflags of the services I offer. + payload += pack('>q', NODE_NETWORK|(NODE_SSL if sys.version_info >= (2, 7, 9) else 0)) # bitflags of the services I offer. + # python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok payload += pack('>q', int(time.time())) payload += pack(