Commit fa5ed031 authored by fedor.brunner's avatar fedor.brunner

Add ability to configure TLS protocol version.

add configuration option tls_version

Related to
https://python-nbxmpp.gajim.org/ticket/17
parent b748b4ce
......@@ -349,6 +349,7 @@ class Config:
'enable_esessions': [opt_bool, True, _('Enable ESessions encryption for this account.')],
'autonegotiate_esessions': [opt_bool, True, _('Should Gajim automatically start an encrypted session when possible?')],
'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
'tls_version': [ opt_str, '1.0', '' ],
'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
......
......@@ -1253,9 +1253,11 @@ class Connection(CommonConnection, ConnectionHandlers):
if not os.path.exists(cacerts):
cacerts = ''
mycerts = common.gajim.MY_CACERTS
tls_version = gajim.config.get_per('accounts', self.name,
'tls_version')
cipher_list = gajim.config.get_per('accounts', self.name,
'cipher_list')
secure_tuple = (self._current_type, cacerts, mycerts, cipher_list)
secure_tuple = (self._current_type, cacerts, mycerts, tls_version, cipher_list)
con = nbxmpp.NonBlockingClient(
domain=self._hostname,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment