I'm implementing an SSL connection in my web.py; however, the server fails security scanning and is stuck on the TLS Renegotiation DoS vulnerability.
Here is my code snippet:
import web
from web.wsgiserver import CherryPyWSGIServer

# Point the bundled CherryPy WSGI server at the certificate and private key
CherryPyWSGIServer.ssl_certificate = "path/to/ssl_certificate"
CherryPyWSGIServer.ssl_private_key = "path/to/ssl_private_key"

# Route every path to the hello handler
urls = ("/.*", "hello")
app = web.application(urls, globals())

class hello:
    def GET(self):
        return 'Hello, world!'

if __name__ == "__main__":
    app.run()
Is there any possible way to disable TLS renegotiation in web.py? Thanks!
Five years without an answer? I assume the APIs you've been using have changed by now. But since the title of the question refers to Python in general, I'll answer that.
Python 3.7 has a flag for disabling renegotiation, but it requires OpenSSL 1.1.0 or later. For older Python versions, the trick seems to be to update the underlying OpenSSL library.
For background, see the discussion in this issue: https://bugs.python.org/issue32257
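The Python 3.7 flag mentioned in the answer is `ssl.OP_NO_RENEGOTIATION` in the standard `ssl` module. The following is an added example, not part of the original answer: it sets the flag on a server-side context and fails closed when the linked OpenSSL does not expose it. The function names and the certificate path parameters are assumptions made for illustration.

```python
import ssl


def renegotiation_flag_available():
    """True when this Python/OpenSSL build exposes the flag (Python 3.7+)."""
    return hasattr(ssl, "OP_NO_RENEGOTIATION")


def make_server_context(certfile=None, keyfile=None):
    """Build a server-side context that refuses TLS renegotiation.

    certfile/keyfile are placeholder paths supplied by the caller; when
    omitted, no certificate is loaded (enough to inspect the options).
    """
    if not renegotiation_flag_available():
        # Fail closed instead of silently serving with renegotiation enabled.
        raise RuntimeError(
            "ssl.OP_NO_RENEGOTIATION is missing; linked against %s"
            % ssl.OPENSSL_VERSION
        )
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Applies to TLS 1.2 and earlier: HelloRequest is never sent and
    # client-initiated renegotiation requests are ignored.
    ctx.options |= ssl.OP_NO_RENEGOTIATION
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def renegotiation_disabled(ctx):
    """Confirm the option is actually set on the context."""
    return bool(ctx.options & ssl.OP_NO_RENEGOTIATION)


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print("renegotiation disabled:",
          renegotiation_disabled(make_server_context()))
```

The returned context is used with `ctx.wrap_socket(sock, server_side=True)` on the listening socket; re-running the scanner against the server confirms the result.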