def _parse_all_cipher_suites_with_legacy_openssl(tls_version: TlsVersionEnum) -> Set[str]:
    """Return the cipher suite names the legacy OpenSSL client reports for a TLS version.

    Args:
        tls_version: The TLS version to enumerate; its ``value`` is used to
            build the matching ``OpenSslVersionEnum`` member.

    Returns:
        The de-duplicated names returned by the legacy client's
        ``get_cipher_list()`` once the cipher string below has been applied.
    """
    openssl_version = OpenSslVersionEnum(tls_version.value)
    legacy_client = LegacySslClient(ssl_version=openssl_version)

    # "ALL:COMPLEMENTOFALL" also selects the suites that "ALL" leaves out (per
    # the OpenSSL cipher-string documentation, the eNULL no-encryption suites),
    # so weak suites are part of the returned inventory.
    # PSK and SRP suites are dropped: they need a special setup in the client
    # and are never used.
    legacy_client.set_cipher_list("ALL:COMPLEMENTOFALL:-PSK:-SRP")

    cipher_names = legacy_client.get_cipher_list()
    return set(cipher_names)
def requires_legacy_openssl(cls, openssl_cipher_name: str) -> bool:
    """Tell whether a cipher suite has to be tested with the legacy OpenSSL client.

    Args:
        openssl_cipher_name: The OpenSSL name of the cipher suite to look up.

    Returns:
        True when the legacy OpenSSL client lists the cipher suite, False
        otherwise.
    """
    # Build the list of every cipher suite the legacy OpenSSL supports. The
    # client is only asked for its cipher list here, so disabling certificate
    # verification has no effect within this function.
    # NOTE(review): the list is enumerated for TLSV1_2 only and is rebuilt on
    # every call - confirm both are intended.
    client = LegacySslClient(
        ssl_version=OpenSslVersionEnum.TLSV1_2,
        ssl_verify=OpenSslVerifyEnum.NONE,
    )
    client.set_cipher_list('ALL:COMPLEMENTOFALL')
    supported_by_legacy = client.get_cipher_list()

    # The legacy client always wins when it supports the suite: the modern
    # OpenSSL (1.1.x) does not support weak ciphers, even with the right
    # compilation options. Its handshake then fails with a "no ciphers
    # available" error, which really means OpenSSL lacks the cipher - not that
    # the server rejected it.
    return openssl_cipher_name in supported_by_legacy