From 7c367b7b8ad1acf7fa6668e74f68aa4c3177d671 Mon Sep 17 00:00:00 2001
From: rnhmjoj
Date: Tue, 31 Mar 2015 01:04:05 +0200
Subject: [PATCH] Improve TLS security
---
 hyp/__init__.py | 6 +-----
 hyp/hyp.py | 17 +++++++++++------
 setup.py | 11 +++++++++--
 3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/hyp/__init__.py b/hyp/__init__.py
index 649ec85..10884b1 100644
--- a/hyp/__init__.py
+++ b/hyp/__init__.py
@@ -1,5 +1 @@
-from .hyp import UploadHandler, check_cert, serve
-
-if __name__ == '__main__':
- from .hyp import main
- main()
\ No newline at end of file
+from .hyp import UploadHandler, check_cert, serve
\ No newline at end of file
diff --git a/hyp/hyp.py b/hyp/hyp.py
index bcc0b81..317086b 100644
--- a/hyp/hyp.py
+++ b/hyp/hyp.py
@@ -81,15 +81,20 @@ def serve(address, port, tls_dir, upload):
 server = http.HTTPServer(bind, http.SimpleHTTPRequestHandler)
 if use_tls:
 try:
- protocol = ssl.PROTOCOL_TLSv1_2
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
 except AttributeError:
 print('hyp needs TLSv1.2. You must have openssl >= 1.0.1')
 sys.exit(1)
- tls_socket = ssl.wrap_socket(server.socket, server_side=True,
- certfile=path.join(tls_dir, 'https-cert.pem'),
- keyfile=path.join(tls_dir,'https-key.pem'),
- ssl_version=protocol)
- server.socket = tls_socket
+ context.set_ecdh_curve('prime256v1')
+ context.set_ciphers('AES256+EECDH:AES256+EDH')
+ context.options = (ssl.OP_ALL |
+ ssl.OP_NO_COMPRESSION |
+ ssl.OP_SINGLE_ECDH_USE |
+ ssl.OP_CIPHER_SERVER_PREFERENCE)
+ context.load_cert_chain(
+ certfile=path.join(tls_dir, 'https-cert.pem'),
+ keyfile=path.join(tls_dir,'https-key.pem'))
+ server.socket = context.wrap_socket(server.socket, server_side=True)
 except Exception as e:
 print('Error %d: %s' % e.args)
 sys.exit(e.errno)
diff --git a/setup.py b/setup.py
index 3493b90..30e321b 100644
--- a/setup.py
+++ b/setup.py
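Review bot: The cipher string in `context.set_ciphers('AES256+EECDH:AES256+EDH')` offers finite-field DHE suites, but nothing in this hunk loads DH parameters, and an OpenSSL server normally cannot negotiate DHE without them, so the `AES256+EDH` half is probably dead and a client without ECDHE support would fail the handshake rather than fall back. Either add `context.load_dh_params(<path to a DH parameter file>)` together with `ssl.OP_SINGLE_DH_USE` in the options, or drop `:AES256+EDH` so the configuration states what the server actually offers. Separately, the new calls run under the existing `except Exception as e` handler, whose `'Error %d: %s' % e.args` and `sys.exit(e.errno)` assume an OSError-style `(errno, message)` pair; an `ssl.SSLError` from `set_ciphers` or a `ValueError` from `set_ecdh_curve` typically carries a single argument, so the handler would raise a `TypeError` instead of reporting the TLS misconfiguration. `serve` begins above this hunk, so the outer `try:` that this handler belongs to is not visible here.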
@@ -1,7 +1,7 @@
 from setuptools import setup
 
 setup(name='hyp-server',
- version='1.0.0',
+ version='1.1.0',
 description='Hyperminimal https server',
 url='http://github.com/rnhmjoj/hyp',
 author='rnhmjoj',
@@ -11,4 +11,11 @@ setup(name='hyp-server',
 entry_points={
 'console_scripts': ['hyp = hyp.hyp:main']
 },
- )
\ No newline at end of file
+ keywords=['http', 'https', 'ssl', 'tls', 'upload', 'server'],
+ classifiers=[
+ 'Topic :: Internet :: WWW/HTTP :: HTTP Servers',
+ 'Topic :: Communications :: File Sharing',
+ 'Programming Language :: Python :: 3 :: Only',
+ 'License :: OSI Approved :: MIT License',
+ 'License :: OSI Approved :: GNU General Public License (GPL)',
+ ])
\ No newline at end of file