Switch to using ssl.create_default_context in order to prevent various SSL attacks and choose secure ciphers

2015-08-11 19:53:49 -04:00 · 2015-08-11 19:53:49 -04:00 · a438391079
parent b7684e0914
commit a438391079
1 changed files with 5 additions and 4 deletions
--- a/websockify/websocket.py
+++ b/websockify/websocket.py
@ -815,11 +815,12 @@ class WebSocketServer(object):
                                  % self.cert)
            retsock = None
            try:
-                retsock = ssl.wrap_socket(
+                context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+                context.load_cert_chain(self.cert, self.key)
+
+                retsock = context.wrap_socket(
                        sock,
-                        server_side=True,
-                        certfile=self.cert,
-                        keyfile=self.key)
+                        server_side=True)
            except ssl.SSLError:
                _, x, _ = sys.exc_info()
                if x.args[0] == ssl.SSL_ERROR_EOF: