Skip to content

Commit 5ab2031

Browse files
shortcutmeshortcutme
committed
Fix ssl compatibility with older clients, prefer chacha20-poly1305 if possible
1 parent cdd0f9c commit 5ab2031

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/Crypt/CryptConnection.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ def selectCrypt(self, client_supported):
3939
# Return: wrapped socket
4040
def wrapSocket(self, sock, crypt, server=False, cert_pin=None):
4141
if crypt == "tls-rsa":
42-
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CBC-SHA:ECDHE-ECDSA-AES128-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:RSA-AES128-SHA:RSA-AES256-SHA:RSA-DES-192-CBC3-SHA:"
42+
ciphers = "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:"
4343
ciphers += "!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK"
4444
if server:
4545
sock_wrapped = ssl.wrap_socket(

0 commit comments

Comments
 (0)