Enable http_check to function with weak ciphers on SSL/TLS. #1975
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…red too. Session object has nearly identical request method. Default value for weakcipher is false. Adding debug logging for weak ciphers. Importing datetime differently to urllib3 code. Added Transport adapter for weak cyphers, requests lib sessions required too. Session object has nearly identical request method. Default value for weakcipher is false. Adding debug logging for weak ciphers. Importing datetime differently to urllib3 code. Changing cipherlist for weak ciphers, now it works.
8000
|
|
||
| is_time_off = datetime.today().date() < urllib3.connection.RECENT_DATE | ||
| if is_time_off: | ||
| warnings.warn(( |
There was a problem hiding this comment.
We can assume that the system time is correct. If it's not, there are way more things that would be broken
There was a problem hiding this comment.
This was actually part of the "parent" connect() method in urllib3, I had to overwrite it because I had to change the way we called ssl_wrap_socket and add the ciphers parameter to the call - the rest of the method is pretty much verbatim.
There was a problem hiding this comment.
Still we can remove it. It pollutes the code for a case that will cause more issues than this ssl connection not working if it happens and that will be caught in other parts of the agent.
fixing flake8 issue. More flake8 issue.
390258b to
2926384
Compare
|
|
||
| hostname = self.host | ||
| if getattr(self, '_tunnel_host', None): | ||
| # _tunnel_host was added in Python 2.6.3 |
truthbk
added a commit
that referenced
this pull request
Oct 19, 2015
Enable http_check to function with weak ciphers on SSL/TLS.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With this PR we enable the RSA+RC4+MD5 cipher which is considered weak. We can add further weak ciphers if needed. Disabled by default, the user must specify
weakciphers: truein their http_check.yaml for this to have any real effect - otherwise weak ciphers are disabled.Session object has nearly identical request method.
Default value for weakcipher is false.
Adding debug logging for weak ciphers.
Importing datetime differently to urllib3 code.
Added Transport adapter for weak cyphers, requests lib sessions required too.
Session object has nearly identical request method.
Default value for weakcipher is false.
Adding debug logging for weak ciphers.
Importing datetime differently to urllib3 code.
Changing cipherlist for weak ciphers, now it works.