shootback
SSL support
Modern security standards do not support old/weak short SSL key/cert setups. I also encountered other issues which I had to fix. Also, there must be a way to make it work with a self-signed cert. Can you make the changes in your code?
I really like this project. The code is robust. You have done a wonderful job. I am using this instead of ssh, as some virtual environments I work with block ssh connections.
For this to work I had to make these changes:
Slaver:

```python
def _make_ssl_context(self):
    if ssl is None:
        log.warning('ssl module is NOT valid in this machine! Fallback to plain')
        return None
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

Master:

```python
def _make_ssl_context(self):
    if ssl is None:
        log.warning('ssl module is NOT valid in this machine! Fallback to plain')
        return None
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers('DEFAULT@SECLEVEL=1')
    _certfile = tempfile.mktemp()
    with open(_certfile, 'w') as fw:
        fw.write(_DEFAULT_SSL_CERT)
    _keyfile = tempfile.mktemp()
    with open(_keyfile, 'w') as fw:
        fw.write(_DEFAULT_SSL_KEY)
    ctx.load_cert_chain(_certfile, _keyfile)
    os.remove(_certfile)
    os.remove(_keyfile)
    return ctx
```
Without these modifications, I could not get this to work.
I would request you to modify the code in line with modern standards. Also, is it possible to make it work with a self-signed cert?
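Added example, not part of the original post or of the shootback code: with `verify_mode = ssl.CERT_NONE` the slaver encrypts the link but does not authenticate the master, so one way to keep a self-signed certificate and still know who is on the other end is to pin the certificate's SHA-256 fingerprint and check it right after the handshake. The function names and the pin format are assumptions made for this sketch.

```python
import hashlib
import hmac
import socket
import ssl


def make_pinning_client_context():
    """Client context for a peer that presents a self-signed certificate.

    Chain and hostname checks are off because there is no CA to chain to;
    the peer is authenticated by check_pin() right after the handshake.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.2 or newer only
    ctx.check_hostname = False  # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def normalize_pin(pin):
    """Accept 'AA:BB:...' or plain hex and return 64 lowercase hex digits."""
    pin = pin.replace(":", "").strip().lower()
    if len(pin) != 64 or any(c not in "0123456789abcdef" for c in pin):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return pin


def check_pin(der_cert, pin):
    """True only if SHA-256 over the DER certificate equals the pin."""
    if not der_cert:  # peer sent no certificate
        return False
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_pin(pin))


def connect_pinned(host, port, pin, timeout=10.0):
    """Open a TLS connection and close it again on a pin mismatch."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = make_pinning_client_context().wrap_socket(raw)
    except Exception:
        raw.close()
        raise
    if not check_pin(tls.getpeercert(binary_form=True), pin):
        tls.close()
        raise ssl.SSLError("peer certificate does not match the pinned fingerprint")
    return tls
```

The pin is the colon-separated value that `openssl x509 -noout -fingerprint -sha256 -in <cert>` prints after the `=` sign, taken from the master's own certificate.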
Hello, I have received your email.