| Index: third_party/tlslite/tlslite/TLSConnection.py
|
| ===================================================================
|
| --- third_party/tlslite/tlslite/TLSConnection.py (revision 138367)
|
| +++ third_party/tlslite/tlslite/TLSConnection.py (working copy)
|
| @@ -932,7 +932,7 @@
|
| def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
|
| certChain=None, privateKey=None, reqCert=False,
|
| sessionCache=None, settings=None, checker=None,
|
| - reqCAs=None, tlsIntolerant=False):
|
| + reqCAs=None, tlsIntolerant=0):
|
| """Perform a handshake in the role of server.
|
|
|
| This function performs an SSL or TLS handshake. Depending on
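Review bot: The default for `tlsIntolerant` changes from `False` to `0` in this signature and in the `handshakeServerAsync` signature in the next hunk, but neither hunk updates the docstring, so the parameter description (outside the visible lines) presumably still documents a boolean. The docstring entry for the parameter should spell out the new contract, along the lines of `tlsIntolerant: 0 = tolerant; 1 = reject every TLS version; 2 = reject TLS 1.1 or higher; 3 = reject TLS 1.2 or higher`. It is also worth stating there that existing callers passing `True` keep the old behaviour, since `True == 1` in Python. Both function bodies continue outside these hunks.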
|
| @@ -1019,7 +1019,7 @@
|
| def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
|
| certChain=None, privateKey=None, reqCert=False,
|
| sessionCache=None, settings=None, checker=None,
|
| - reqCAs=None, tlsIntolerant=False):
|
| + reqCAs=None, tlsIntolerant=0):
|
| """Start a server handshake operation on the TLS connection.
|
|
|
| This function returns a generator which behaves similarly to
|
| @@ -1112,7 +1112,13 @@
|
| "Too old version: %s" % str(clientHello.client_version)):
|
| yield result
|
|
|
| - if tlsIntolerant and clientHello.client_version > (3, 0):
|
| + #If tlsIntolerant is nonzero, reject certain TLS versions.
|
| + #1: reject all TLS versions.
|
| + #2: reject TLS 1.1 or higher.
|
| + #3: reject TLS 1.2 or higher.
|
| + if (tlsIntolerant == 1 and clientHello.client_version > (3, 0) or
|
| + tlsIntolerant == 2 and clientHello.client_version > (3, 1) or
|
| + tlsIntolerant == 3 and clientHello.client_version > (3, 2)):
|
| for result in self._sendError(\
|
| AlertDescription.handshake_failure):
|
| yield result
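Review bot: The new condition matches only the values 1, 2 and 3, so any other nonzero `tlsIntolerant` (4, -1, a mistyped value from a test harness) silently leaves the server fully tolerant. That contradicts the comment's "If tlsIntolerant is nonzero" and can let a version-fallback test pass without ever exercising the rejection path. Reject out-of-range values before the comparison, for example `if tlsIntolerant not in (0, 1, 2, 3): raise ValueError("tlsIntolerant must be 0-3")`, or at least reword the comment to say that other values are ignored. The mixed `and`/`or` chain is correct by operator precedence, but parenthesising each `and` pair would make that explicit. The enclosing function starts and ends outside this hunk.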
|
|
|