From d28f775c71fd1c31b8b34dba6adc936279c8ed2f Mon Sep 17 00:00:00 2001 From: Safihre Date: Wed, 30 Aug 2017 23:14:49 +0200 Subject: [PATCH] Remove information about SSL/TSL Protocols because it is inccorect There is no way to get the actually enabled SSL/TLS protcols on a system, let along from Python. It's not even possible from the `openssl` command line. See also #994 And: https://stackoverflow.com/questions/45924030/get-available-ssl-tls-protocols-in-python-2-7 --- SABnzbd.py | 6 +-- interfaces/Config/templates/config.tmpl | 2 +- sabnzbd/interface.py | 5 +-- sabnzbd/utils/sslinfo.py | 78 --------------------------------- 4 files changed, 5 insertions(+), 86 deletions(-) delete mode 100644 sabnzbd/utils/sslinfo.py diff --git a/SABnzbd.py b/SABnzbd.py index 0d64267..ba46d00 100755 --- a/SABnzbd.py +++ b/SABnzbd.py @@ -37,6 +37,7 @@ import getopt import signal import socket import platform +import ssl import time import re @@ -97,7 +98,6 @@ import sabnzbd.downloader from sabnzbd.encoding import unicoder, deunicode import sabnzbd.notifier as notifier import sabnzbd.zconfig -import sabnzbd.utils.sslinfo from threading import Thread @@ -1177,8 +1177,7 @@ def main(): logging.warning(T("SABnzbd was started with encoding %s, this should be UTF-8. Expect problems with Unicoded file and directory names in downloads.") % preferredencoding) # SSL Information - logging.info("SSL version %s", sabnzbd.utils.sslinfo.ssl_version()) - logging.info("SSL known protocols %s", str(sabnzbd.utils.sslinfo.ssl_protocols_labels())) + logging.info("SSL version %s", ssl.OPENSSL_VERSION) # Load (extra) certificates in the distributions if hasattr(sys, "frozen"): @@ -1189,7 +1188,6 @@ def main(): logging.info('Loaded additional certificates from %s', os.environ["SSL_CERT_FILE"]) # List the number of certificates available - import ssl ctx = ssl.create_default_context() logging.info('Available certificates: %s', repr(ctx.cert_store_stats())) 
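Review bot: The direct `ssl.OPENSSL_VERSION` read in main() drops the fallback of the removed `ssl_version()` helper, which caught `ImportError` and `AttributeError` and returned `None`; with the new top-level `import ssl`, a Python build without the ssl module now fails as soon as SABnzbd.py is loaded. The context lines already call `ssl.create_default_context()` in main(), so this may have been a requirement in practice, but the indentation is lost on this page and I cannot tell whether that call is conditional. The same unguarded import and read are added to sabnzbd/interface.py in ConfigPage. If ssl-less builds still matter, wrap the import in a try/except and log `getattr(ssl, 'OPENSSL_VERSION', None)`; if they do not, say in the commit message that ssl is now mandatory. main() begins and ends outside the hunk.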
diff --git a/interfaces/Config/templates/config.tmpl b/interfaces/Config/templates/config.tmpl index f60b082..72e68a0 100644 --- a/interfaces/Config/templates/config.tmpl +++ b/interfaces/Config/templates/config.tmpl @@ -30,7 +30,7 @@ OpenSSL: - $ssl_version   [$ssl_protocols] + $ssl_version diff --git a/sabnzbd/interface.py b/sabnzbd/interface.py index 552ec6a..9ae9ddb 100644 --- a/sabnzbd/interface.py +++ b/sabnzbd/interface.py @@ -27,6 +27,7 @@ import urllib import json import re import hashlib +import ssl from threading import Thread from random import randint from xml.sax.saxutils import escape @@ -54,7 +55,6 @@ from sabnzbd.nzbqueue import NzbQueue import sabnzbd.wizard from sabnzbd.utils.servertests import test_nntp_server_dict from sabnzbd.decoder import HAVE_YENC, SABYENC_ENABLED -from sabnzbd.utils.sslinfo import ssl_version, ssl_protocols_labels from sabnzbd.utils.diskspeed import diskspeedmeasure from sabnzbd.utils.getperformance import getpystone @@ -1156,8 +1156,7 @@ class ConfigPage(object): conf['have_mt_par2'] = sabnzbd.newsunpack.PAR2_MT conf['have_ssl_context'] = sabnzbd.HAVE_SSL_CONTEXT - conf['ssl_version'] = ssl_version() - conf['ssl_protocols'] = ', '.join(ssl_protocols_labels()) + conf['ssl_version'] = ssl.OPENSSL_VERSION new = {} for svr in config.get_servers(): diff --git a/sabnzbd/utils/sslinfo.py b/sabnzbd/utils/sslinfo.py deleted file mode 100644 index 23fccc1..0000000 --- a/sabnzbd/utils/sslinfo.py +++ /dev/null 
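Review bot: The new `conf['ssl_version'] = ssl.OPENSSL_VERSION` line in ConfigPage carries no comment saying why the protocol list is gone, so a later contributor could re-derive it from the `ssl.PROTOCOL_*` constants, which only reflect what the module defines. I would add `# OpenSSL library version only; the enabled protocols cannot be determined from Python (see #994)` above it. The diffstat shows only interfaces/Config/templates/config.tmpl being updated for the removed `conf['ssl_protocols']` key, so any other template that still references `$ssl_protocols` would presumably break; a search across interfaces/ before merging would confirm there is none. The enclosing method starts and ends outside the hunk.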
@@ -1,78 +0,0 @@ -#!/usr/bin/python -OO -# Copyright 2008-2017 The SABnzbd-Team -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -""" -sabnzbd.utils.sslinfo - Information on the system's SSL setup -""" - -# v23 indicates "negotiate highest possible" -_ALL_PROTOCOLS = ('v23', 't12', 't11', 't1', 'v3', 'v2') -_SSL_PROTOCOLS = {} -_SSL_PROTOCOLS_LABELS = [] - -try: - import ssl - - # Basic - _SSL_PROTOCOLS['v23'] = ssl.PROTOCOL_SSLv23 - - # Loop through supported versions - for ssl_prop in dir(ssl): - if ssl_prop.startswith('PROTOCOL_'): - if ssl_prop.endswith('SSLv2'): - _SSL_PROTOCOLS['v2'] = ssl.PROTOCOL_SSLv2 - _SSL_PROTOCOLS_LABELS.append('SSL v2') - elif ssl_prop.endswith('SSLv3'): - _SSL_PROTOCOLS['v3'] = ssl.PROTOCOL_SSLv3 - _SSL_PROTOCOLS_LABELS.append('SSL v3') - elif ssl_prop.endswith('TLSv1'): - _SSL_PROTOCOLS['t1'] = ssl.PROTOCOL_TLSv1 - _SSL_PROTOCOLS_LABELS.append('TLS v1') - elif ssl_prop.endswith('TLSv1_1'): - _SSL_PROTOCOLS['t11'] = ssl.PROTOCOL_TLSv1_1 - _SSL_PROTOCOLS_LABELS.append('TLS v1.1') - elif ssl_prop.endswith('TLSv1_2'): - _SSL_PROTOCOLS['t12'] = ssl.PROTOCOL_TLSv1_2 - _SSL_PROTOCOLS_LABELS.append('TLS v1.2') - - # Reverse the labels, SSL's always come first in the dir() - _SSL_PROTOCOLS_LABELS.reverse() -except: - pass - - -def ssl_protocols(): - ''' Return acronyms for SSL 
protocols ''' - return _SSL_PROTOCOLS.keys() - - -def ssl_protocols_labels(): - ''' Return human readable labels for SSL protocols, highest quality first ''' - return _SSL_PROTOCOLS_LABELS - - -def ssl_version(): - try: - import ssl - return ssl.OPENSSL_VERSION - except (ImportError, AttributeError): - return None - - -if __name__ == '__main__': - print 'SSL version: %s' % ssl_version() - print 'Supported protocols: %s' % ssl_protocols()