Change: Set TLS minimum version, avoid version protocols
TLS connections now require TLS 1.2 as the minimum version whether
certificate files are given or not.
Also, the deprecated version specific protocol for TLS 1.2 is no
longer used.

This change prevents possible security issues from allowing
connections with older, less secure TLS versions.
timopollmeier authored and bjoernricks committed May 12, 2023
1 parent cb66b1a commit 311fac5
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion gvm/connections.py
Expand Up @@ -494,8 +494,13 @@ def _new_socket(self):
keyfile=self.keyfile,
password=self.password,
)
context.minimum_version = ssl.TLSVersion.TLSv1_2
else:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.minimum_version = ssl.TLSVersion.TLSv1_2
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

sock = context.wrap_socket(transport_socket, server_side=False)

sock.settimeout(self._timeout)
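
Review bot: In the else branch, `context.check_hostname = False` followed by `context.verify_mode = ssl.CERT_NONE` leaves the server unauthenticated when no certificate files are given, so the new TLS 1.2 floor stops negotiation of older protocol versions but does not stop an endpoint that impersonates the server. `ssl.PROTOCOL_TLS_CLIENT` enables hostname checking and `CERT_REQUIRED` by default, and these two lines switch both off again, presumably to keep the behaviour callers had with `ssl.PROTOCOL_TLSv1_2`. That trade-off deserves a comment above the two assignments and a sentence in the class documentation saying that connections without certificate files are encrypted but not verified. Consider also logging a warning in this branch, or falling back to the system trust store via `context.load_default_certs()` behind an opt-in parameter, so that users who can verify the peer are not silently left without verification. The order of the two assignments is correct as written (hostname checking must be disabled before `verify_mode` can be set to `CERT_NONE`) and should be kept if the lines are moved.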