mirror of https://github.com/dkmstr/openuds.git synced 2024-12-22 13:34:04 +03:00

HTTPS UDS Actor server supports only TLSv1.3, and upgraded certificate key length to 4096 bits

Adolfo Gómez García 2023-03-08 15:47:38 +01:00
parent 4517b781cf
commit 7985f44389
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23
2 changed files with 5 additions and 1 deletions


@ -159,7 +159,11 @@ class HTTPServerThread(threading.Thread):
# self._server.socket = ssl.wrap_socket(self._server.socket, certfile=self.certFile, server_side=True)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# Disable TLSv1.0 and TLSv1.1, disable TLSv1.2, use only TLSv1.3
context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
context.set_ciphers('ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-SHA256')
context.load_cert_chain(certfile=self._certFile, password=password)
self._server.socket = context.wrap_socket(self._server.socket, server_side=True)
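Review bot: The `context.set_ciphers(...)` call does not shape what this server negotiates once the line above it disables everything below TLS 1.3, because Python's `ssl` documentation states that `set_ciphers()` cannot enable or disable TLS 1.3 suites. The three names in the list are TLS 1.2 suites (one of them the CBC-mode `DHE-RSA-AES256-SHA256`), so a later reader could mistake the list for the effective policy; I would drop the line or replace it with a comment saying the OpenSSL TLS 1.3 defaults apply. The `OP_NO_TLSv1*` flags have also been deprecated since Python 3.7, and `context.minimum_version = ssl.TLSVersion.TLSv1_3` expresses the same intent directly. The +/- markers are lost on this page, so which lines are new is inferred from the commit title, and the enclosing method starts and ends outside the hunk.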


@ -15,7 +15,7 @@ from cryptography.hazmat.primitives.asymmetric import rsa
def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
key_size=4096,
backend=default_backend(),
)
# Create a random password for private key
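Review bot: The new `key_size=4096` is a bare literal with nothing recording why it was chosen or what it costs. RSA key generation gets markedly slower as the modulus grows, so if selfSignedCert is called on every actor start (not visible here) this adds startup latency on small guests. A comment such as `# 4096-bit RSA key for the actor's self-signed certificate (slower to generate than 2048)`, or a module-level `RSA_KEY_SIZE = 4096`, would document the decision. selfSignedCert's body continues past the end of the hunk.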