|
1 | 1 | import ssl |
2 | | -from pyOpenSSL import SSL |
3 | 2 | from ssl import SSLContext |
4 | 3 |
|
5 | | -# true positives |
6 | | -ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2) |
7 | | -ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv3) |
8 | | -ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1) |
9 | | - |
10 | | -SSLContext(protocol=ssl.PROTOCOL_SSLv2) |
11 | | -SSLContext(protocol=ssl.PROTOCOL_SSLv3) |
12 | | -SSLContext(protocol=ssl.PROTOCOL_TLSv1) |
13 | | - |
14 | | -SSL.Context(SSL.SSLv2_METHOD) |
15 | | -SSL.Context(SSL.SSLv23_METHOD) |
16 | | -SSL.Context(SSL.SSLv3_METHOD) |
17 | | -SSL.Context(SSL.TLSv1_METHOD) |
18 | | - |
19 | | -# not relevant |
20 | | -wrap_socket(ssl_version=ssl.PROTOCOL_SSLv3) |
21 | | -wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1) |
22 | | -wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2) |
23 | | - |
24 | | -Context(SSL.SSLv3_METHOD) |
25 | | -Context(SSL.TLSv1_METHOD) |
26 | | -Context(SSL.SSLv2_METHOD) |
27 | | -Context(SSL.SSLv23_METHOD) |
28 | | - |
29 | | -# true positive using flow |
30 | | - |
31 | | -METHOD = SSL.SSLv2_METHOD |
32 | | -SSL.Context(METHOD) |
33 | | - |
34 | 4 | # secure versions |
35 | | - |
36 | | -ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_1) |
37 | | -SSLContext(protocol=ssl.PROTOCOL_TLSv1_1) |
38 | | -SSL.Context(SSL.TLSv1_1_METHOD) |
| 5 | +ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2) |
| 6 | +SSLContext(protocol=ssl.PROTOCOL_TLSv1_2) |
39 | 7 |
|
40 | 8 | # possibly insecure default |
41 | 9 | ssl.wrap_socket() |
42 | 10 | context = SSLContext() |
43 | | - |
44 | | -# importing the protocol constant directly |
45 | | - |
46 | | -from ssl import PROTOCOL_SSLv2 |
47 | | - |
48 | | -ssl.wrap_socket(ssl_version=PROTOCOL_SSLv2) |
49 | | -SSLContext(protocol=PROTOCOL_SSLv2) |
50 | | - |
51 | | -# FP for insecure default |
52 | | -ssl.SSLContext(ssl.SSLv23_METHOD) |
0 commit comments