Always require TLS1.2 or higher for NNTP connections

4 years ago · 85db706bbe
3 changed files with 3 additions and 3 deletions
--- a/sabnzbd/cfg.py
+++ b/sabnzbd/cfg.py
@ -289,7 +289,7 @@ api_warnings = OptionBool("misc", "api_warnings", True, protect=True)
 disable_key = OptionBool("misc", "disable_api_key", False, protect=True)
 no_penalties = OptionBool("misc", "no_penalties", False)
 x_frame_options = OptionBool("misc", "x_frame_options", True)
-require_modern_tls = OptionBool("misc", "require_modern_tls", False)
+allow_old_ssl_tls = OptionBool("misc", "allow_old_ssl_tls", False)
 num_decoders = OptionNumber("misc", "num_decoders", 3)

 # Text values
--- a/sabnzbd/interface.py
+++ b/sabnzbd/interface.py
@ -908,7 +908,7 @@ SPECIAL_BOOL_LIST = (
    "disable_api_key",
    "api_logging",
    "x_frame_options",
-    "require_modern_tls",
+    "allow_old_ssl_tls",
 )
 SPECIAL_VALUE_LIST = (
    "downloader_sleep_time",
--- a/sabnzbd/newswrapper.py
+++ b/sabnzbd/newswrapper.py
@ -286,7 +286,7 @@ class NNTP:
                # Setup the SSL socket
                ctx = ssl.create_default_context()

-                if sabnzbd.cfg.require_modern_tls():
+                if not sabnzbd.cfg.allow_old_ssl_tls():
                    # We want a modern TLS (1.2 or higher), so we disallow older protocol versions (<= TLS 1.1)
                    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1