changeset e5f4043c4990 in /home/hg/repos/python-nbxmpp
details: http://hg.gajim.org/python-nbxmpp?cmd=changeset;node=e5f4043c4990
description: Disable session resumption, protection against Triple Handshakes
TLS attack.
Session resumption is currently not supported in Gajim, because
Connection.get_session and Connection.set_session are not used. But in
case someone tries to use them in the future, disable the session cache
using Context.set_session_cache_mode(OpenSSL.SSL.SESS_CACHE_OFF).
Fixes #21
diffstat:
nbxmpp/tls_nb.py | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diffs (16 lines):
diff -r 25b4cf13cadb -r e5f4043c4990 nbxmpp/tls_nb.py
--- a/nbxmpp/tls_nb.py Tue Mar 04 17:46:08 2014 +0100
+++ b/nbxmpp/tls_nb.py Tue Mar 04 17:58:52 2014 +0100
@@ -387,6 +387,12 @@
tcpsock._sslContext.set_options(flags)
+ try: # Supported only pyOpenSSL >= 0.14
+ # Disable session resumption, protection against Triple Handshakes
TLS attack
+
tcpsock._sslContext.set_session_cache_mode(OpenSSL.SSL.SESS_CACHE_OFF)
+ except AttributeError, e:
+ pass
+
# NonBlockingHTTPBOSH instance has no attribute _owner
if hasattr(tcpsock, '_owner') and tcpsock._owner._caller.client_cert \
and os.path.exists(tcpsock._owner._caller.client_cert):
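Review bot: the `except AttributeError, e: pass` handler at the end of the added block silently skips the mitigation on pyOpenSSL older than 0.14, so a user on such a version gets no indication that the session cache mode was left at its default. Log a warning in the handler that names the required pyOpenSSL version instead of `pass`, and drop the unused `e` binding. The `try` also wraps the whole call, so an AttributeError raised for any other reason (for example a missing `tcpsock._sslContext`) would be swallowed the same way; testing `hasattr(tcpsock._sslContext, 'set_session_cache_mode')` before the call would limit the fallback to the version case the comment describes.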