rnhmjoj/hyp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve TLS security

Browse Source
This commit is contained in:
rnhmjoj 2015-03-31 01:04:05 +02:00
parent 3f6c3d9310
commit 7c367b7b8a
3 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hyp/__init__.py
View File

@ -1,5 +1 @@
from .hyp import UploadHandler, check_cert, serve from .hyp import UploadHandler, check_cert, serve
if __name__ == '__main__':
from .hyp import main
main()

15
hyp/hyp.py
View File

@ -81,15 +81,20 @@ def serve(address, port, tls_dir, upload):
server = http.HTTPServer(bind, http.SimpleHTTPRequestHandler) server = http.HTTPServer(bind, http.SimpleHTTPRequestHandler)
if use_tls: if use_tls:
try: try:
protocol = ssl.PROTOCOL_TLSv1_2 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
except AttributeError: except AttributeError:
print('hyp needs TLSv1.2. You must have openssl >= 1.0.1') print('hyp needs TLSv1.2. You must have openssl >= 1.0.1')
sys.exit(1) sys.exit(1)
tls_socket = ssl.wrap_socket(server.socket, server_side=True, context.set_ecdh_curve('prime256v1')
context.set_ciphers('AES256+EECDH:AES256+EDH')
context.options = (ssl.OP_ALL |
ssl.OP_NO_COMPRESSION |
ssl.OP_SINGLE_ECDH_USE |
ssl.OP_CIPHER_SERVER_PREFERENCE)
context.load_cert_chain(
certfile=path.join(tls_dir, 'https-cert.pem'), certfile=path.join(tls_dir, 'https-cert.pem'),
keyfile=path.join(tls_dir,'https-key.pem'), keyfile=path.join(tls_dir,'https-key.pem'))
ssl_version=protocol) server.socket = context.wrap_socket(server.socket, server_side=True)
server.socket = tls_socket
except Exception as e: except Exception as e:
print('Error %d: %s' % e.args) print('Error %d: %s' % e.args)
sys.exit(e.errno) sys.exit(e.errno)

11
setup.py
View File

@ -1,7 +1,7 @@
from setuptools import setup from setuptools import setup
setup(name='hyp-server', setup(name='hyp-server',
version='1.0.0', version='1.1.0',
description='Hyperminimal https server', description='Hyperminimal https server',
url='http://github.com/rnhmjoj/hyp', url='http://github.com/rnhmjoj/hyp',
author='rnhmjoj', author='rnhmjoj',
@ -11,4 +11,11 @@ setup(name='hyp-server',
entry_points={ entry_points={
'console_scripts': ['hyp = hyp.hyp:main'] 'console_scripts': ['hyp = hyp.hyp:main']
}, },
) keywords=['http', 'https', 'ssl', 'tls', 'upload', 'server'],
classifiers=[
'Topic :: Internet :: WWW/HTTP :: HTTP Servers',
'Topic :: Communications :: File Sharing',
'Programming Language :: Python :: 3 :: Only',
'License :: OSI Approved :: MIT License',
'License :: OSI Approved :: GNU General Public License (GPL)',
])