From 0cedb3b0f1e5d79c89c6db767c534b064b794cf2 Mon Sep 17 00:00:00 2001 From: "Seth M. Larson" Date: Thu, 1 Nov 2018 12:24:58 -0500 Subject: [PATCH] Restore context.set_ciphers() to create_urllib3_context() (#1463) --- CHANGES.rst | 2 ++ src/urllib3/util/ssl_.py | 2 ++ test/test_ssl.py | 18 ++++++++++++++++++ 3 files changed, 22 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index f6dc184bb8..186099d3b4 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -6,6 +6,8 @@ dev (master) * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) +* Restored functionality of `ciphers` parameter for `create_urllib3_context()`. (Issue #1462) + * ... [Short description of non-trivial change.] (Issue #) diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py index 24ee26d632..64ea192a85 100644 --- a/src/urllib3/util/ssl_.py +++ b/src/urllib3/util/ssl_.py @@ -263,6 +263,8 @@ def create_urllib3_context(ssl_version=None, cert_reqs=None, """ context = SSLContext(ssl_version or ssl.PROTOCOL_SSLv23) + context.set_ciphers(ciphers or DEFAULT_CIPHERS) + # Setting the default here, as we may have no ssl module on import cert_reqs = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs diff --git a/test/test_ssl.py b/test/test_ssl.py index 76a502591e..47359717d2 100644 --- a/test/test_ssl.py +++ b/test/test_ssl.py @@ -70,3 +70,21 @@ def test_sni_missing_warning_with_ip_addresses(monkeypatch, has_sni, server_host assert SNIMissingWarning in warnings else: assert warn.call_count == 0 + + +@pytest.mark.parametrize( + ["ciphers", "expected_ciphers"], + [(None, ssl_.DEFAULT_CIPHERS), + ("ECDH+AESGCM:ECDH+CHACHA20", "ECDH+AESGCM:ECDH+CHACHA20")] +) +def test_create_urllib3_context_set_ciphers(monkeypatch, ciphers, expected_ciphers): + + context = mock.create_autospec(ssl_.SSLContext) + context.set_ciphers = mock.Mock() + context.options = 0 + monkeypatch.setattr(ssl_, "SSLContext", lambda *_, **__: context) + + assert ssl_.create_urllib3_context(ciphers=ciphers) is context + + assert context.set_ciphers.call_count == 1 + assert context.set_ciphers.call_args == mock.call(expected_ciphers)