HTTPS UDS Actor server supports only TLSv1.3, and upgraded certificate key length to 4096 bits
parent
4517b781cf
commit
7985f44389
@ -159,7 +159,11 @@ class HTTPServerThread(threading.Thread):
|
||||
# self._server.socket = ssl.wrap_socket(self._server.socket, certfile=self.certFile, server_side=True)
|
||||
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
||||
# Disable TLSv1.0 and TLSv1.1, disable TLSv1.2, use only TLSv1.3
|
||||
context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
|
||||
|
||||
context.set_ciphers('ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-SHA256')
|
||||
|
||||
context.load_cert_chain(certfile=self._certFile, password=password)
|
||||
self._server.socket = context.wrap_socket(self._server.socket, server_side=True)
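Review bot: The `context.set_ciphers(...)` call stops constraining the handshake once TLS 1.2 is disabled on the options line above it. Python's ssl module documents that TLS 1.3 cipher suites are not affected by set_ciphers(), and all three names in the string are TLS 1.2 suites. The line still reads as if it pinned the negotiated cipher, so either drop it or add a comment such as `# TLS 1.3 suites are selected by OpenSSL; this list only applies if TLS 1.2 is re-enabled`. The version floor is also easier to audit, and avoids the deprecated `OP_NO_TLSv1*` flags, when written as `context.minimum_version = ssl.TLSVersion.TLSv1_3`. The page does not show whether set_ciphers was added by this commit or was already present, and the enclosing method starts and ends outside the hunk.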
|
||||
|
||||
|
@ -15,7 +15,7 @@ from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
|
||||
key = rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
key_size=2048,
|
||||
key_size=4096,
|
||||
backend=default_backend(),
|
||||
)
|
||||
# Create a random password for private key
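Review bot: `key_size=4096` is a bare literal with no recorded rationale, and the larger modulus has a runtime cost that the change does not mention. Generating a 4096-bit RSA key and signing each TLS handshake with it are both noticeably slower than with 2048 bits, so if selfSignedCert runs on every actor start it is worth measuring on the slowest supported machines. A short comment would cover it, for example `# 4096-bit RSA for extra margin; slower keygen and handshakes than 2048`. The key length also does nothing to help a peer authenticate a self-signed certificate, which presumably depends on how the caller pins or distributes it; the rest of selfSignedCert is outside the hunk.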
|
||||
|