SSL
keyfile
--keyfile FILE
None
SSL key file
certfile
--certfile FILE
None
SSL certificate file
ssl_version
--ssl-version
_SSLMethod.PROTOCOL_TLS
SSL version to use.
--ssl-version | Description |
---|---|
SSLv3 | SSLv3 is not secure and is strongly discouraged. |
SSLv23 | Alias for TLS. Deprecated in Python 3.6, use TLS. |
TLS | Negotiate highest possible version between client/server. Can yield SSL. (Python 3.6+) |
TLSv1 | TLS 1.0 |
TLSv1_1 | TLS 1.1 (Python 3.4+) |
TLSv1_2 | TLS 1.2 (Python 3.4+) |
TLS_SERVER | Auto-negotiate the highest protocol version like TLS, but only support server-side SSLSocket connections. (Python 3.6+) |
Changed in version 19.7: The default value has been changed from ssl.PROTOCOL_TLSv1 to ssl.PROTOCOL_SSLv23.
Changed in version 20.0: This setting now accepts string names based on ssl.PROTOCOL_ constants.
cert_reqs
--cert-reqs
VerifyMode.CERT_NONE
Whether client certificate is required (see stdlib ssl module’s)
ca_certs
--ca-certs FILE
None
CA certificates file
suppress_ragged_eofs
--suppress-ragged-eofs
True
Suppress ragged EOFs (see stdlib ssl module’s)
do_handshake_on_connect
--do-handshake-on-connect
False
Whether to perform SSL handshake on socket connect (see stdlib ssl module’s)
ciphers
--ciphers
None
SSL Cipher suite to use, in the format of an OpenSSL cipher list.
By default we use the default cipher list from Python’s ssl module, which contains ciphers considered strong at the time of each Python release.
As a recommended alternative, the Open Web App Security Project (OWASP) offers a vetted set of strong cipher strings rated A+ to C-. OWASP provides details on user-agent compatibility at each security level.
See the OpenSSL Cipher List Format Documentation for details on the format of an OpenSSL cipher list.
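To see what a candidate --ciphers value actually enables before deploying it, the string can be expanded with Python's ssl module. The sketch below is an added example, not Gunicorn code; the function names and the policy it checks (ECDHE/DHE key exchange, AEAD, at least 128-bit keys) are assumptions of the example, and the suites listed depend on the local OpenSSL build.

```python
import ssl

# Example policy (an assumption of this sketch, not Gunicorn's or OWASP's rules):
# pre-TLS-1.3 suites should use ECDHE/DHE key exchange, AEAD and >= 128-bit keys.
FS_PREFIXES = ("ECDHE-", "DHE-")
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def expand_cipher_list(cipher_string):
    """Return the suites OpenSSL enables for cipher_string, or None if none match."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    return ctx.get_ciphers()


def findings_for(suite):
    """List the policy problems of one entry from SSLContext.get_ciphers()."""
    name = suite["name"]
    if name.startswith("TLS_"):
        # TLS 1.3 suites are always AEAD with ephemeral key exchange, and
        # set_ciphers() cannot disable them, so they show up for every string.
        return []
    problems = []
    if not name.startswith(FS_PREFIXES):
        problems.append("no ECDHE/DHE key exchange")
    if not any(marker in name for marker in AEAD_MARKERS):
        problems.append("not AEAD")
    if suite.get("strength_bits", 0) < 128:
        problems.append("key < 128 bits")
    return problems


def audit(cipher_string):
    """Map suite name -> problems for every suite the string enables."""
    suites = expand_cipher_list(cipher_string)
    if suites is None:
        raise ValueError(f"no cipher matches {cipher_string!r}")
    return {s["name"]: findings_for(s) for s in suites}


if __name__ == "__main__":
    for candidate in ("ECDHE+AESGCM", "HIGH:!aNULL"):
        for name, problems in audit(candidate).items():
            print(f"{candidate:14} {name:32} {', '.join(problems) or 'ok'}")
```

A string that passes here can be given to --ciphers unchanged, since both use the OpenSSL cipher list format.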