Use SSL negotiation.

Although the API can be misleading, PROTOCOL_SSLv23 selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”. In this way, we can use TLSv1.2 (PROTOCOL_TLSv1 will *only* give us TLS v1.0) In the client side, we try to disable SSLv2 and SSLv3 options explicitely. The python version in wheezy does not offer PROTOCOL_TLSv1_2 nor OP_NO_SSLv2 or OP_NO_SSLv3 (It's new in 2.7.9)
author: Kali Kaneko <kali@leap.se> 2014-12-03 00:22:18 +0100
committer: drebs <drebs@leap.se> 2014-12-05 14:40:27 -0200
commit: 6fc80e14d568d83df7899e516d1422b2e011d2cb (patch)
tree: 0822461fbfaf0aa589281db2c974d98ce0c0dd54 /server
parent: 4f7a1e1063199cb91535ab9cd3ca428bca2ced96 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/server/pkg/soledad b/server/pkg/soledad
index bf24dac2..ccb3e9b0 100644
--- a/server/pkg/soledad
+++ b/server/pkg/soledad
@@ -19,7 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem
 PRIVKEY_PATH=/etc/leap/soledad-server.key
 TWISTD_PATH=/usr/bin/twistd
 HOME=/var/lib/soledad/
-SSL_METHOD=TLSv1_METHOD
+SSL_METHOD=SSLv23_METHOD
 USER=soledad
 GROUP=soledad
author	Kali Kaneko <kali@leap.se>	2014-12-03 00:22:18 +0100
committer	drebs <drebs@leap.se>	2014-12-05 14:40:27 -0200
commit	6fc80e14d568d83df7899e516d1422b2e011d2cb (patch)
tree	0822461fbfaf0aa589281db2c974d98ce0c0dd54 /server
parent	4f7a1e1063199cb91535ab9cd3ca428bca2ced96 (diff)