diff options
author | Joffrey F <joffrey@docker.com> | 2016-03-02 15:01:30 -0800 |
---|---|---|
committer | Joffrey F <joffrey@docker.com> | 2016-03-02 15:01:30 -0800 |
commit | f4114274d68bbb8584e95add857c6d29c03f9a0c (patch) | |
tree | 6c485a1a992344e61b08253ba7ef4f8b1d3627c9 | |
parent | 062c76d8b22a6bd8a9076e17bb9a0a106bd21ce5 (diff) | |
download | docker-py-f4114274d68bbb8584e95add857c6d29c03f9a0c.tar.gz |
Use protocol TLS v1.0 by default when none is set.963-tlsv1-default
Signed-off-by: Joffrey F <joffrey@docker.com>
-rw-r--r-- | docker/tls.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/docker/tls.py b/docker/tls.py index 83b0ff7..7abfa60 100644 --- a/docker/tls.py +++ b/docker/tls.py @@ -1,4 +1,5 @@ import os +import ssl from . import errors from .ssladapter import ssladapter @@ -19,10 +20,14 @@ class TLSConfig(object): # here, but also disable any public/default CA pool verification by # leaving tls_verify=False - self.ssl_version = ssl_version self.assert_hostname = assert_hostname self.assert_fingerprint = assert_fingerprint + # TLS v1.0 seems to be the safest default; SSLv23 fails in mysterious + # ways: https://github.com/docker/docker-py/issues/963 + + self.ssl_version = ssl_version or ssl.PROTOCOL_TLSv1 + # "tls" and "tls_verify" must have both or neither cert/key files # In either case, Alert the user when both are expected, but any are # missing. |