Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fb 001 #4

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Fb 001 #4

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
8f4a6b4
Update api.py
B3K7 Jan 11, 2022
8c10182
Merge branch 'Geotab:master' into fb_001
B3K7 Jan 14, 2022
de81973
Update __init__.py
B3K7 Jan 14, 2022
94ee6ec
Update api.py
B3K7 Jan 14, 2022
b6b2290
Update api.py
B3K7 Jan 14, 2022
93f1c75
Update api.py
B3K7 Jan 14, 2022
e283d60
Update __init__.py
B3K7 Jan 14, 2022
f7b83f1
Update api.py
B3K7 Jan 14, 2022
ddda165
Update api.py
B3K7 Jan 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 43 additions & 3 deletions mygeotab/api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
from requests.adapters import HTTPAdapter
from requests.exceptions import Timeout
from requests.packages import urllib3
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
from six.moves.urllib.parse import urlparse

from . import __title__, __version__
Expand Down Expand Up @@ -307,13 +308,52 @@ def get_param(self):
"""
return dict(userName=self.username, sessionId=self.session_id, database=self.database)


class GeotabHTTPAdapter(HTTPAdapter):
"""HTTP adapter to force use of TLS 1.2 for HTTPS connections."""
"""HTTP adapter to force use of TLS 1.2+ for HTTPS connections."""

def init_poolmanager(self, connections, maxsize, block=False, **pool_kwargs):
ctx = create_urllib3_context()
ctx.load_default_certs()

# disabled SSL2.0 as per:
# Sean Tuner, President, IECA
# Tim Polk, , Computer Scientist, Computer Security Division, NIST
# https://datatracker.ietf.org/doc/rfc6176/
# rfc6176
ctx.options |= ssl.OP_NO_SSLv2

# disabled SSL3.0 as per:
# Richard Barnes, (former) Security Engineering, Mozilla
# Martin Thomson, Distinguished Engineer, Mozilla
# Alfredo Pironti, Cyber Security Specialist, Secure Distributed Computing, INRIA
# Adam Langley, Senior Staff Software Engineer, Google
# rfc7568
# https://datatracker.ietf.org/doc/html/rfc7568
ctx.options |= ssl.OP_NO_SSLv3

# disabled TLSv1.0 and TLSv1.1 as per:
# Kathleen Moriarty, CTO, Center for Internet Security
# Stephen Farrell, Research Fellow, Computer Science, Trinity College Dublin
# RFC 8996
# https://datatracker.ietf.org/doc/rfc8996/
ctx.options |= ssl.OP_NO_TLSv1
ctx.options |= ssl.OP_NO_TLSv1_1

#enabled TLS1.2 + TLS1.3 as per:
# tbd
ctx.options |= ssl.PROTOCOL_TLS

#disabled ECDSA as per
# tbd
#enabled ECDHE+AESGCM as per
# tbd
ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')

ctx.set_ecdh_curve('secp384r1')

self.poolmanager = urllib3.poolmanager.PoolManager(
num_pools=connections, maxsize=maxsize, block=block, ssl_version=ssl.PROTOCOL_TLSv1_2, **pool_kwargs
num_pools=connections, maxsize=maxsize, block=block, ssl_context=ctx, **pool_kwargs
)


Expand Down