From d765544edd757e274016d10346eff8ef4948c572 Mon Sep 17 00:00:00 2001
From: Jean-Marc Martins
Date: Fri, 13 Dec 2013 14:31:09 +0100
Subject: [PATCH 1/2] Add ssl protocol and ciphers in config
---
 config | 4 ++++
 radicale/__init__.py | 7 ++++---
 radicale/config.py | 2 ++
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/config b/config
index c4898e1d..8b7c648b 100644
--- a/config
+++ b/config
@@ -25,6 +25,10 @@ ssl = False
 certificate = /etc/apache2/ssl/server.crt
 # SSL private key
 key = /etc/apache2/ssl/server.key
+# SSL Protocol used. See python's ssl module for available values
+protocol = PROTOCOL_SSLv23
+# Ciphers available. See python's ssl module for available ciphers
+ciphers = None
 # Reverse DNS to resolve client address in logs
 dns_lookup = True
 # Root URL of Radicale (starting and ending with a slash)
diff --git a/radicale/__init__.py b/radicale/__init__.py
index 41bab4f0..389c7510 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -98,7 +98,9 @@ class HTTPSServer(HTTPServer):
 server_side=True,
 certfile=config.get("server", "certificate"),
 keyfile=config.get("server", "key"),
- ssl_version=ssl.PROTOCOL_SSLv23)
+ ssl_version=getattr(ssl, config.get("server", "protocol"),
+ ssl.PROTOCOL_SSLv23),
+ ciphers=config.get("server", "ciphers"))
 self.server_bind()
 self.server_activate()
@@ -271,8 +273,7 @@ class Application(object):
 authorization = environ.get("HTTP_AUTHORIZATION", None)
 if authorization:
- authorization = \
- authorization.decode("ascii").lstrip("Basic").strip()
+ authorization = authorization.lstrip("Basic").strip()
 user, password = self.decode(base64.b64decode(
 authorization.encode("ascii")), environ).split(":", 1)
 else:
diff --git a/radicale/config.py b/radicale/config.py
index 9cdad823..08482b37 100644
--- a/radicale/config.py
+++ b/radicale/config.py
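Review bot: The two comments added in the `config` hunk of patch 1/2 do not say what form the values take. `protocol` is the name of a `PROTOCOL_*` constant in Python's ssl module and `ciphers` is a string in OpenSSL cipher-list format, so I would word them as `# SSL protocol: name of a PROTOCOL_* constant from python's ssl module` and `# Ciphers: string in OpenSSL cipher list format`. One further line should note that `PROTOCOL_SSLv23` negotiates a version rather than pinning one, so on the Python releases of this period it presumably still accepts legacy SSL versions unless a specific protocol is chosen.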
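Review bot: In the `HTTPSServer` hunk of radicale/__init__.py (patch 1/2), the three-argument `getattr(ssl, config.get("server", "protocol"), ssl.PROTOCOL_SSLv23)` turns a misspelled or unsupported `protocol` value into a silent fallback to the negotiating default, so an operator who meant to pin a stricter protocol gets neither an error nor a log line. The lookup also accepts any attribute name of the ssl module, not only protocol constants. I would fail at startup instead: read the value into `name`, reject it unless `name.startswith("PROTOCOL_")`, and pass `ssl_version=getattr(ssl, name)` with no default so a bad value raises before the socket is wrapped. The enclosing `__init__` starts above the hunk.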
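Review bot: The new line `authorization = authorization.lstrip("Basic").strip()` in the `Application` hunk of radicale/__init__.py still never checks the authentication scheme. `lstrip("Basic")` removes any leading run of the characters B, a, s, i, c rather than the literal prefix, so a header carrying another scheme is handed to `base64.b64decode` as if it were Basic credentials. A decoded value without a colon then fails the two-name unpack of `.split(":", 1)`, which looks like an unhandled exception reachable before authentication. I would split explicitly with `scheme, _, token = authorization.partition(" ")` and treat the request as unauthenticated unless `scheme.lower() == "basic"`, with the decode and split on a guarded error path. The surrounding method starts and ends outside the hunk.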
@@ -45,6 +45,8 @@ INITIAL_CONFIG = {
 "ssl": "False",
 "certificate": "/etc/apache2/ssl/server.crt",
 "key": "/etc/apache2/ssl/server.key",
+ "protocol": "PROTOCOL_SSLv23",
+ "ciphers": None,
 "dns_lookup": "True",
 "base_prefix": "/",
 "realm": "Radicale - Password Required"},
From f377bd1356c3f5d1e16c40a6b71c398b630899f2 Mon Sep 17 00:00:00 2001
From: Jean-Marc Martins
Date: Fri, 13 Dec 2013 15:17:30 +0100
Subject: [PATCH 2/2] Fix ssl protocol
---
 config | 2 +-
 radicale/__init__.py | 2 +-
 radicale/config.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config b/config
index 8b7c648b..42ce247b 100644
--- a/config
+++ b/config
@@ -28,7 +28,7 @@ key = /etc/apache2/ssl/server.key
 # SSL Protocol used. See python's ssl module for available values
 protocol = PROTOCOL_SSLv23
 # Ciphers available. See python's ssl module for available ciphers
-ciphers = None
+ciphers =
 # Reverse DNS to resolve client address in logs
 dns_lookup = True
 # Root URL of Radicale (starting and ending with a slash)
diff --git a/radicale/__init__.py b/radicale/__init__.py
index 389c7510..f14f4f3c 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -100,7 +100,7 @@ class HTTPSServer(HTTPServer):
 keyfile=config.get("server", "key"),
 ssl_version=getattr(ssl, config.get("server", "protocol"),
 ssl.PROTOCOL_SSLv23),
- ciphers=config.get("server", "ciphers"))
+ ciphers=config.get("server", "ciphers") or None)
 self.server_bind()
 self.server_activate()
diff --git a/radicale/config.py b/radicale/config.py
index 08482b37..71d27a8a 100644
--- a/radicale/config.py
+++ b/radicale/config.py
@@ -46,7 +46,7 @@ INITIAL_CONFIG = {
 "certificate": "/etc/apache2/ssl/server.crt",
 "key": "/etc/apache2/ssl/server.key",
 "protocol": "PROTOCOL_SSLv23",
- "ciphers": None,
+ "ciphers": "",
 "dns_lookup": "True",
 "base_prefix": "/",
 "realm": "Radicale - Password Required"},