def _parse_all_cipher_suites_with_legacy_openssl(tls_version: TlsVersionEnum) -> Set[str]:
    """Return the cipher suite names the legacy OpenSSL client lists for ``tls_version``.

    A ``LegacySslClient`` is built for the OpenSSL version whose value equals
    ``tls_version.value``; no underlying socket is passed to it here. The
    client is configured with a cipher string that selects everything except
    PSK and SRP suites, and whatever ``get_cipher_list()`` then reports is
    returned as a set.

    Because PSK and SRP are filtered out, a caller that uses this set as the
    list of suites to test against a server will not exercise those two
    families.
    """
    legacy_version = OpenSslVersionEnum(tls_version.value)
    client = LegacySslClient(ssl_version=legacy_version)

    # PSK and SRP suites are left out: per the original author they need a
    # special client setup and are never used.
    client.set_cipher_list("ALL:COMPLEMENTOFALL:-PSK:-SRP")

    cipher_names = client.get_cipher_list()
    return set(cipher_names)
def requires_legacy_openssl(cls, openssl_cipher_name: str) -> bool:
    """Tell whether ``openssl_cipher_name`` is listed by the legacy OpenSSL client.

    A TLS 1.2 ``LegacySslClient`` is created with verification set to
    ``OpenSslVerifyEnum.NONE`` and the cipher string ``ALL:COMPLEMENTOFALL``;
    the function returns True when the given name appears in the list that
    client reports.

    Note that, unlike a cipher string ending in ``-PSK:-SRP``, this one does
    not exclude PSK or SRP suites, so such names can also yield True here.
    """
    probe = LegacySslClient(ssl_version=OpenSslVersionEnum.TLSV1_2, ssl_verify=OpenSslVerifyEnum.NONE)
    probe.set_cipher_list('ALL:COMPLEMENTOFALL')
    supported_by_legacy = probe.get_cipher_list()

    # The legacy client wins whenever it knows the suite: the modern OpenSSL
    # (1.1.x) does not support weak ciphers, even with the right compilation
    # options. Its handshake fails with a "no ciphers available" error, which
    # in practice means that OpenSSL does not support the cipher.
    if openssl_cipher_name in supported_by_legacy:
        return True
    return False
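def setUp(self):
    """Connect to www.google.com:443 and complete a TLS handshake with a legacy client.

    The connected client is stored on ``self.ssl_client``. The fixture needs
    outbound network access to a live external host, so a failure here may
    come from connectivity rather than from the code under test.

    Raises:
        Whatever the socket or the handshake raises; the socket is closed
        before the exception propagates.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.settimeout(5)
        sock.connect(('www.google.com', 443))

        # ssl_verify is OpenSslVerifyEnum.NONE, so the peer certificate is not
        # validated. That is enough for inspecting handshake parameters in a
        # test, but this configuration gives no assurance about who the peer
        # is and should not be copied into code that sends real data.
        ssl_client = LegacySslClient(ssl_version=OpenSslVersionEnum.SSLV23, underlying_socket=sock,
                                     ssl_verify=OpenSslVerifyEnum.NONE)
        ssl_client.set_cipher_list('ECDH')  # Needed for test_get_ecdh_param()
        ssl_client.do_handshake()
    except Exception:
        # A failed connect or handshake would otherwise leave the socket open:
        # if this is a unittest.TestCase fixture, tearDown() is not run when
        # setUp() raises.
        sock.close()
        raise

    self.ssl_client = ssl_client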