Home Explore Help
Register Sign In
RISCI_ATOM
/
pagure
mirror of https://pagure.io/pagure.git
1
0
Fork 0
Files Issues 3 Wiki
Browse Source

Move the default MQTT protocol to be TLS v1.2

ssl.PROTOCOL_TLS has been deprecated in python and 1.2 is the latest
version to date.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Pierre-Yves Chibon 5 years ago
parent
c0512fc3bd
commit
420b95b8d7
2 changed files with 4 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      doc/configuration.rst
  2. 3 1
      pagure/lib/notify.py

+ 1 - 1
doc/configuration.rst
View File 

@@ -1825,7 +1825,7 @@ MQTT_TLS_VERSION
 
 When using SSL-based authentication to the MQTT server, use this
 
 configuration key to specify the TLS protocols to support/use.
 
 
-Defaults to: ``ssl.PROTOCOL_TLS`` (from python's ssl library)
 
+Defaults to: ``ssl.PROTOCOL_TLSv1_2`` (from python's ssl library)
 
 
 
 MQTT_CIPHERS

+ 3 - 1
pagure/lib/notify.py
View File 

@@ -122,7 +122,9 @@ def mqtt_publish(topic, message):
 
     mqtt_certfile = pagure_config.get("MQTT_CERTFILE")
 
     mqtt_keyfile = pagure_config.get("MQTT_KEYFILE")
 
     mqtt_cert_reqs = pagure_config.get("MQTT_CERT_REQS", ssl.CERT_REQUIRED)
 
-    mqtt_tls_version = pagure_config.get("MQTT_TLS_VERSION", ssl.PROTOCOL_TLS)
 
+    mqtt_tls_version = pagure_config.get(
 
+        "MQTT_TLS_VERSION", ssl.PROTOCOL_TLSv1_2
 
+    )
 
     mqtt_ciphers = pagure_config.get("MQTT_CIPHERS")
 
 
     # We catch Exception if we want :-p