Skip to content

Commit

Permalink
Adjust ciphers to work with broader range of JSS's.
Browse files Browse the repository at this point in the history
  • Loading branch information
Shea Craig committed Jul 28, 2015
1 parent f8ab936 commit 88484d0
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 18 deletions.
2 changes: 1 addition & 1 deletion jss/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,4 @@
JSSUnsupportedFileType, JSSError)
from tools import is_osx, is_linux

__version__ = "1.2.0"
__version__ = "1.2.1b1"
73 changes: 56 additions & 17 deletions jss/tlsadapter.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,27 +26,36 @@
from requests.packages.urllib3.contrib import pyopenssl


CIPHER_LIST = ":".join(["ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
# This is the list JAMF specifies here:
# https://jamfnation.jamfsoftware.com/article.html?id=384
# Plus the exclusions from
# https://wiki.mozilla.org/Security/Server_Side_TLS
# Plus the cipher known to work with test setup.
CIPHER_LIST = ":".join(["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-DSS-AES128-GCM-SHA256",
"kEDH+AESGCM",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDH-RSA-AES256-GCM-SHA384",
"ECDH-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDH-RSA-AES128-GCM-SHA256",
"ECDH-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES256-SHA",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA",
"DHE-DSS-AES128-SHA256",
"DHE-RSA-AES256-SHA256",
"DHE-DSS-AES256-SHA",
"DHE-RSA-AES256-SHA",
"ECDH-RSA-AES256-SHA384",
"ECDH-ECDSA-AES256-SHA384",
"ECDH-RSA-AES256-SHA",
"ECDH-ECDSA-AES256-SHA",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDH-RSA-AES128-SHA256",
"ECDH-ECDSA-AES128-SHA256",
"ECDH-RSA-AES128-SHA",
"ECDH-ECDSA-AES128-SHA",
"AES128-SHA",
"!aNULL",
"!eNULL",
"!EXPORT",
Expand All @@ -55,7 +64,37 @@
"!3DES",
"!MD5",
"!PSK"])

# Ciphers provided from
# https://wiki.mozilla.org/Security/Server_Side_TLS
# CIPHER_LIST = ":".join(["ECDHE-RSA-AES128-GCM-SHA256",
# "ECDHE-ECDSA-AES128-GCM-SHA256",
# "ECDHE-RSA-AES256-GCM-SHA384",
# "ECDHE-ECDSA-AES256-GCM-SHA384",
# "DHE-RSA-AES128-GCM-SHA256",
# "DHE-DSS-AES128-GCM-SHA256",
# "kEDH+AESGCM",
# "ECDHE-RSA-AES128-SHA256",
# "ECDHE-ECDSA-AES128-SHA256",
# "ECDHE-RSA-AES128-SHA",
# "ECDHE-ECDSA-AES128-SHA",
# "ECDHE-RSA-AES256-SHA384",
# "ECDHE-ECDSA-AES256-SHA384",
# "ECDHE-RSA-AES256-SHA",
# "ECDHE-ECDSA-AES256-SHA",
# "DHE-RSA-AES128-SHA256",
# "DHE-RSA-AES128-SHA",
# "DHE-DSS-AES128-SHA256",
# "DHE-RSA-AES256-SHA256",
# "DHE-DSS-AES256-SHA",
# "DHE-RSA-AES256-SHA",
# "!aNULL",
# "!eNULL",
# "!EXPORT",
# "!DES",
# "!RC4",
# "!3DES",
# "!MD5",
# "!PSK"])


class TLSAdapter(HTTPAdapter):
Expand Down

0 comments on commit 88484d0

Please sign in to comment.