Example #1
def _parse_all_cipher_suites_with_legacy_openssl(
        tls_version: TlsVersionEnum) -> Set[str]:
    """Return the cipher suite names the legacy OpenSSL client lists for *tls_version*.

    The client is only configured and asked for its cipher list; this function
    does not open a connection.

    Args:
        tls_version: TLS version whose ``value`` is mapped onto ``OpenSslVersionEnum``.

    Returns:
        The de-duplicated cipher names reported by ``get_cipher_list()``.
    """
    openssl_version = OpenSslVersionEnum(tls_version.value)
    legacy_client = LegacySslClient(ssl_version=openssl_version)

    # "ALL:COMPLEMENTOFALL" deliberately widens the selection beyond OpenSSL's
    # defaults (including suites OpenSSL keeps out of "ALL", such as the
    # no-encryption ones), so the result is an inventory for enumeration and
    # not a cipher string to deploy on a real endpoint.
    # PSK and SRP suites are removed: they need a special client setup and are
    # never used.
    legacy_client.set_cipher_list("ALL:COMPLEMENTOFALL:-PSK:-SRP")

    return {cipher_name for cipher_name in legacy_client.get_cipher_list()}
Example #2
    def requires_legacy_openssl(cls, openssl_cipher_name: str) -> bool:
        """Tell whether *openssl_cipher_name* has to be handled by the legacy OpenSSL client.

        Args:
            openssl_cipher_name: Cipher suite name in OpenSSL notation.

        Returns:
            True when the legacy client lists the cipher, False otherwise.
        """
        # A TLS 1.2 legacy client is built only to enumerate its cipher names.
        # No handshake happens in this method, so ssl_verify=NONE does not
        # relax certificate checking for any connection made here.
        cipher_enumerator = LegacySslClient(
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            ssl_verify=OpenSslVerifyEnum.NONE,
        )
        cipher_enumerator.set_cipher_list('ALL:COMPLEMENTOFALL')
        supported_by_legacy = cipher_enumerator.get_cipher_list()

        # Prefer the legacy client whenever it knows the suite. The modern
        # OpenSSL (1.1.x) does not support weak ciphers, even with the right
        # compilation options. Its handshake fails with a "no ciphers
        # available" error, which really means OpenSSL lacks the cipher, not
        # that the peer rejected it.
        is_legacy_cipher = openssl_cipher_name in supported_by_legacy
        return is_legacy_cipher