Replies: 1 comment
-
I just changed “/usr/local/lib/python3.9/dist-packages/gunicorn/workers/sync.py” and used “SSLContext.wrap_socket()” instead of “wrap_socket()”, and set the context options to disable renegotiation. See the following source file, and now the edited file. After that I restarted gunicorn and renegotiation has been disabled!!! If anyone wants to implement this SSLContext feature, it will be goooooooood ;-)
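The approach described in the reply above, as an added example that is not the poster's edited sync.py and not gunicorn's own code: build a server-side `SSLContext` with `ssl.OP_NO_RENEGOTIATION` set and wrap each accepted socket through it instead of calling the module-level `wrap_socket()`. The function names and the optional `certfile` are assumptions of this example.

```python
import ssl


def no_renegotiation_context(certfile=None, keyfile=None, ciphers=None,
                             ca_certs=None, cert_reqs=ssl.CERT_NONE):
    """Server-side SSLContext that refuses renegotiation in TLS 1.2 and earlier.

    The parameters mirror keyword arguments of the legacy module-level
    ssl.wrap_socket(); the function name is hypothetical.
    """
    # The flag exists from Python 3.7 when built against OpenSSL 1.1.0h or newer.
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    if flag is None:
        raise RuntimeError("this Python/OpenSSL build lacks OP_NO_RENEGOTIATION")

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= flag  # send no HelloRequest, ignore renegotiation ClientHello
    ctx.verify_mode = cert_reqs
    if ca_certs:
        ctx.load_verify_locations(ca_certs)
    if ciphers:
        ctx.set_ciphers(ciphers)
    if certfile:  # optional here only so the options can be inspected without a key
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def renegotiation_disabled(ctx):
    """Return True when the context carries OP_NO_RENEGOTIATION."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    return bool(flag) and bool(ctx.options & flag)


def wrap_client(ctx, client_sock):
    """Per-connection call that takes the place of ssl.wrap_socket()."""
    return ctx.wrap_socket(client_sock, server_side=True)


if __name__ == "__main__":
    hardened = no_renegotiation_context()
    default = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("hardened context:", renegotiation_disabled(hardened))
    print("library default :", renegotiation_disabled(default))
```

A real server passes its `certfile` and `keyfile`, builds the context once at start-up, and calls `wrap_client()` for every accepted connection.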
-
Hello guys!
I'm using gunicorn 20.1.0 with a web2py application, and I would like to use a feature in the stdlib ssl module to prevent renegotiation in the SSL handshake, but gunicorn doesn't have this argument on the binary. Does anyone know how I can do this?
stdlib ssl
https://docs.python.org/3/library/ssl.html
ssl.OP_NO_RENEGOTIATION
Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello.
I used the command line "openssl s_client -connect xxx.xxx.xxx.xxx:8000" and, after the handshake finished, I just sent the "R" key and hit enter to see the flaw happen.