diff --git a/config b/config index c4898e1d..8b7c648b 100644 --- a/config +++ b/config @@ -25,6 +25,10 @@ ssl = False certificate = /etc/apache2/ssl/server.crt # SSL private key key = /etc/apache2/ssl/server.key +# SSL Protocol used. See python's ssl module for available values +protocol = PROTOCOL_SSLv23 +# Ciphers available. See python's ssl module for available ciphers +ciphers = None # Reverse DNS to resolve client address in logs dns_lookup = True # Root URL of Radicale (starting and ending with a slash) diff --git a/radicale/__init__.py b/radicale/__init__.py index 41bab4f0..389c7510 100644 --- a/radicale/__init__.py +++ b/radicale/__init__.py @@ -98,7 +98,9 @@ class HTTPSServer(HTTPServer): server_side=True, certfile=config.get("server", "certificate"), keyfile=config.get("server", "key"), - ssl_version=ssl.PROTOCOL_SSLv23) + ssl_version=getattr(ssl, config.get("server", "protocol"), + ssl.PROTOCOL_SSLv23), + ciphers=config.get("server", "ciphers")) self.server_bind() self.server_activate() @@ -271,8 +273,7 @@ class Application(object): authorization = environ.get("HTTP_AUTHORIZATION", None) if authorization: - authorization = \ - authorization.decode("ascii").lstrip("Basic").strip() + authorization = authorization.lstrip("Basic").strip() user, password = self.decode(base64.b64decode( authorization.encode("ascii")), environ).split(":", 1) else: diff --git a/radicale/config.py b/radicale/config.py index 9cdad823..08482b37 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -45,6 +45,8 @@ INITIAL_CONFIG = { "ssl": "False", "certificate": "/etc/apache2/ssl/server.crt", "key": "/etc/apache2/ssl/server.key", + "protocol": "PROTOCOL_SSLv23", + "ciphers": None, "dns_lookup": "True", "base_prefix": "/", "realm": "Radicale - Password Required"},