Disable TLS 1.0 and TLS 1.1 in webserver

Fixes #1870
JonnyWong16 2022-11-13 00:19:02 -08:00
parent 05739ea959
commit 977eec8a66
No known key found for this signature in database
GPG key ID: B1F1F9807184697A


@ -16,6 +16,7 @@
# along with Tautulli. If not, see <http://www.gnu.org/licenses/>.
import os
import ssl
import sys
import cherrypy
@ -101,6 +102,17 @@ def initialize(options):
options_dict['engine.autoreload.on'] = True
if enable_https:
context = ssl.create_default_context(
purpose=ssl.Purpose.CLIENT_AUTH,
cafile=https_cert_chain
)
# Context options:
# PROTOCOL_TLS_SERVER | OP_NO_SSLv2 | OP_NO_SSLv3 | OP_NO_TLSv1 | OP_NO_TLSv1_1
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
context.load_cert_chain(https_cert, https_key)
options_dict['server.ssl_context'] = context
options_dict['server.ssl_certificate'] = https_cert
options_dict['server.ssl_certificate_chain'] = https_cert_chain
options_dict['server.ssl_private_key'] = https_key
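Review bot: `cafile=https_cert_chain` in the `ssl.create_default_context(...)` call loads the chain file as trust anchors for verifying client certificates, which a `Purpose.CLIENT_AUTH` context does not request by default, so it does not by itself make the server present those intermediates to clients. If the intent is to serve the chain, the intermediates need to be in the file given to `context.load_cert_chain(https_cert, https_key)`; a comment such as `# cafile only sets trust anchors; intermediates must be in https_cert` would prevent the misreading. Separately, the `OP_NO_TLSv1` and `OP_NO_TLSv1_1` flags have been deprecated since Python 3.7 in favour of `context.minimum_version = ssl.TLSVersion.TLSv1_2`, which states the protocol floor in one line, provided the interpreter versions the project supports allow it. The comment above the two option lines also lists `PROTOCOL_TLS_SERVER` alongside the `OP_NO_*` flags although it is a protocol constant, not a context option. `initialize` begins and continues outside the hunk, so how a failing `load_cert_chain` is handled at startup cannot be judged from here.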