Detect highest TLS version

Signed-off-by: N Dennis de Greef <github@link0.net>

Detect highest TLS version
Signed-off-by: N Dennis de Greef <github@link0.net>
54bdc688 · Dennis de Greef · bfc9bcbd · 54bdc688 · 54bdc688 · 54bdc688
隐藏空白更改
内联并排

Showing with 10 addition and 3 deletion

README.rst README.rst +2 -2

src/paho/mqtt/client.py src/paho/mqtt/client.py +3 -0

test/paho_test.py test/paho_test.py +5 -1

未找到文件。
--- a/README.rst
+++ b/README.rst
@@ -232,7 +232,7 @@ tls_set()
 ::

    tls_set(ca_certs=None, certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
-        tls_version=ssl.PROTOCOL_TLSv1, ciphers=None)
+        tls_version=ssl.PROTOCOL_TLS, ciphers=None)

 Configure network encryption and authentication options. Enables SSL/TLS support.

@@ -246,7 +246,7 @@ cert_reqs
    defines the certificate requirements that the client imposes on the broker. By default this is ``ssl.CERT_REQUIRED``, which means that the broker must provide a certificate. See the ssl pydoc for more information on this parameter.

 tls_version
-    specifies the version of the SSL/TLS protocol to be used. By default TLS v1 is used. Previous versions (all versions beginning with SSL) are possible but not recommended due to possible security problems.
+    specifies the version of the SSL/TLS protocol to be used. By default (if the python version supports it) the highest TLS version is detected. If unavailable, TLS v1 is used. Previous versions (all versions beginning with SSL) are possible but not recommended due to possible security problems.

 ciphers
    a string specifying which encryption ciphers are allowable for this connection, or ``None`` to use the defaults. See the ssl pydoc for more information.

--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -641,6 +641,9 @@ class Client(object):
        # Create SSLContext object
        if tls_version is None:
            tls_version = ssl.PROTOCOL_TLSv1
+            # If the python version supports it, use highest TLS version automatically
+            if hasattr(ssl, "PROTOCOL_TLS"):
+                tls_version = ssl.PROTOCOL_TLS
        context = ssl.SSLContext(tls_version)

        # Configure context

--- a/test/paho_test.py
+++ b/test/paho_test.py
@@ -20,12 +20,16 @@ def create_server_socket_ssl(*args, **kwargs):
    if ssl is None:
        raise RuntimeError

+    ssl_version = ssl.PROTOCOL_TLSv1
+    if hasattr(ssl, "PROTOCOL_TLS"):
+        ssl_version = ssl.PROTOCOL_TLS
+
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ssock = ssl.wrap_socket(
        sock, ca_certs="../ssl/all-ca.crt",
        keyfile="../ssl/server.key", certfile="../ssl/server.crt",
-        server_side=True, ssl_version=ssl.PROTOCOL_TLSv1, **kwargs)
+        server_side=True, ssl_version=ssl_version, **kwargs)
    ssock.settimeout(10)
    ssock.bind(('', 1888))
    ssock.listen(5)