cryptography
add SSL_CTX_set_security_level to C binding
These functions can be used to control the security level of an SSL context, which sometimes can be useful.
Can you provide a bit more context on the intended use here? Do you intend to submit a PR to pyOpenSSL using this?
FYI, you can already set the security level with SSL_CTX_set_cipher_list, e.g. "@SECLEVEL=1:DEFAULT".
Can you provide a bit more context on the intended use here? Do you intend to submit a PR to pyOpenSSL using this?
We are trying to write a server emulator for a very old game, its server used a very old 512-bit RSA private key for SSL connection.
That key is now considered insecure and rejected by OpenSSL (SSL_R_EE_KEY_TOO_SMALL), but by setting the security level to 0, it should allow any key size.
Personally I could just obtain the lib module from pyOpenSSL (although it's a bit hackish), but if it's necessary I can also make a relevant pull request to pyOpenSSL to expose a Python method for the Context object.
FYI, you can already set the security level with SSL_CTX_set_cipher_list, e.g. "@SECLEVEL=1:DEFAULT".
Oh, I didn't know about that, gotta try it first, thanks for the tip!
Yes if the existing APIs for setting ciphersuites are usable, that'd be enable. I don't love adding new APIs for the sole goal of enabling weaker security!
No response for a month so I'm going to close this. Please leave a comment if we should re-open.