Comments
Patch
@@ -15,7 +15,6 @@ import re
import ssl
from .i18n import _
-from .pycompat import getattr
from . import (
encoding,
error,
@@ -42,7 +41,7 @@ configprotocols = {
b'tls1.2',
}
-hassni = getattr(ssl, 'HAS_SNI', False)
+hassni = ssl.HAS_SNI
supportedprotocols = {
b'tls1.0',
@@ -260,8 +259,7 @@ def protocolsettings(protocol):
raise error.Abort(_(b'this should not happen'))
# Prevent CRIME.
- # There is no guarantee this attribute is defined on the module.
- options |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
+ options |= ssl.OP_NO_COMPRESSION
return ssl.PROTOCOL_SSLv23, options, protocol
@@ -502,13 +500,12 @@ def wrapserversocket(
sslcontext.options |= options
# Improve forward secrecy.
- sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
- sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
+ sslcontext.options |= ssl.OP_SINGLE_DH_USE
+ sslcontext.options |= ssl.OP_SINGLE_ECDH_USE
- # Use the list of more secure ciphers if found in the ssl module.
- if util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'):
- sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
- sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
+ # Use the list of more secure ciphers.
+ sslcontext.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
+ sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
if requireclientcert:
sslcontext.verify_mode = ssl.CERT_REQUIRED