Skip to content

Commit 403c462

Browse files
HainishHainish
committed
Switching to proper OpenSSL ciphersuite names & defaulting to TLS 1.2
1 parent 99f899c commit 403c462

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

test/rules/src/https_everywhere_checker/http_client.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ class FetchOptions(object):
4949
_DEFAULT_CIPHERLIST_NSS = "rsa_3des_sha,rsa_des_sha,rsa_null_md5,rsa_null_sha,rsa_rc2_40_md5,rsa_rc4_128_md5,rsa_rc4_128_sha,rsa_rc4_40_md5,fips_des_sha,fips_3des_sha,rsa_des_56_sha,rsa_rc4_56_sha,rsa_aes_128_sha,rsa_aes_256_sha,rsa_aes_128_gcm_sha_256,dhe_rsa_aes_128_gcm_sha_256,ecdh_ecdsa_null_sha,ecdh_ecdsa_rc4_128_sha,ecdh_ecdsa_3des_sha,ecdh_ecdsa_aes_128_sha,ecdh_ecdsa_aes_256_sha,ecdhe_ecdsa_null_sha,ecdhe_ecdsa_rc4_128_sha,ecdhe_ecdsa_3des_sha,ecdhe_ecdsa_aes_128_sha,ecdhe_ecdsa_aes_256_sha,ecdh_rsa_null_sha,ecdh_rsa_128_sha,ecdh_rsa_3des_sha,ecdh_rsa_aes_128_sha,ecdh_rsa_aes_256_sha,echde_rsa_null,ecdhe_rsa_rc4_128_sha,ecdhe_rsa_3des_sha,ecdhe_rsa_aes_128_sha,ecdhe_rsa_aes_256_sha,ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_rsa_aes_128_gcm_sha_256"
5050

5151
# The default list of cipher suites that ships with Firefox 51.0.1
52-
_DEFAULT_CIPHERLIST_OTHER = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CBC-SHA:ECDHE-ECDSA-AES128-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:DHE-RSA-AES128-CBC-SHA:DHE-RSA-AES256-CBC-SHA:RSA-AES128-CBC-SHA:RSA-AES256-CBC-SHA:RSA-3DES-EDE-CBC-SHA"
52+
_DEFAULT_CIPHERLIST_OTHER = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
5353

5454
_DEFAULT_CIPHERLIST = _DEFAULT_CIPHERLIST_NSS if re.search('NSS/\d+\.\d+', pycurl.version) else _DEFAULT_CIPHERLIST_OTHER
5555

@@ -63,7 +63,7 @@ def __init__(self, config):
6363
self.redirectDepth = config.getint("http", "redirect_depth")
6464
self.userAgent = None
6565
self.curlVerbose = False
66-
self.sslVersion = pycurl.SSLVERSION_DEFAULT
66+
self.sslVersion = pycurl.SSLVERSION_TLSv1_2
6767
self.useSubprocess = True
6868
self.staticCAPath = None
6969
self.cipherList = self._DEFAULT_CIPHERLIST

0 commit comments

Comments
 (0)