Check if a TLS/SSL version is enabled :param version: TLS version name or ssl.TLSVersion member :return: bool
(version)
| 208 | |
| 209 | @functools.lru_cache |
| 210 | def has_tls_version(version): |
| 211 | """Check if a TLS/SSL version is enabled |
| 212 | |
| 213 | :param version: TLS version name or ssl.TLSVersion member |
| 214 | :return: bool |
| 215 | """ |
| 216 | if isinstance(version, str): |
| 217 | version = ssl.TLSVersion.__members__[version] |
| 218 | |
| 219 | # check compile time flags like ssl.HAS_TLSv1_2 |
| 220 | if not getattr(ssl, f'HAS_{version.name}'): |
| 221 | return False |
| 222 | |
| 223 | if IS_OPENSSL_3_0_0 and version < ssl.TLSVersion.TLSv1_2: |
| 224 | # bpo43791: 3.0.0-alpha14 fails with TLSV1_ALERT_INTERNAL_ERROR |
| 225 | return False |
| 226 | |
| 227 | # check runtime and dynamic crypto policy settings. A TLS version may |
| 228 | # be compiled in but disabled by a policy or config option. |
| 229 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 230 | if ( |
| 231 | hasattr(ctx, 'minimum_version') and |
| 232 | ctx.minimum_version != ssl.TLSVersion.MINIMUM_SUPPORTED and |
| 233 | version < ctx.minimum_version |
| 234 | ): |
| 235 | return False |
| 236 | if ( |
| 237 | hasattr(ctx, 'maximum_version') and |
| 238 | ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED and |
| 239 | version > ctx.maximum_version |
| 240 | ): |
| 241 | return False |
| 242 | |
| 243 | return True |
| 244 | |
| 245 | |
| 246 | def requires_tls_version(version): |
no outgoing calls
no test coverage detected
searching dependent graphs…