Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fine tuning for the SSL hardening that happened in python 3.10 and up. #17218

Merged
merged 20 commits into from
Jan 27, 2022
Merged

fine tuning for the SSL hardening that happened in python 3.10 and up. #17218

merged 20 commits into from
Jan 27, 2022

Conversation

wissamg
Copy link
Contributor

@wissamg wissamg commented Jan 20, 2022
edited
Loading

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • Ready

Related Issues

fixes: 45903

Description

python.org introduce a ssl hardening in python 3.10 and up and this simply reduce number of the allowed ciphers in ssl communications.
python/cpython#25778
solution was based on:
https://lukasa.co.uk/2017/02/Configuring_TLS_With_Requests/
CIPHERS_STRING = '@SECLEVEL=1:ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:RSA+ANESGCM:RSA+AES:!aNULL:!eNULL:!MD5:!DSS'

Minimum version of Cortex XSOAR

  • [X ] 6.0.0

Does it break backward compatibility?

  • Yes
    • Further details: some integration that move to the lastest python 3.10.1 docker will issue to communicate
    • already seen in McAfee ePO and ArcherRSA

Must have

  • Tests
  • Documentation

@wissamg wissamg changed the title find tuning for the SSL hardening that happened in python 3.10 and up. fine tuning for the SSL hardening that happened in python 3.10 and up. Jan 23, 2022
@wissamg wissamg merged commit aa075f2 into master Jan 27, 2022
@wissamg wissamg deleted the python_3.10.1_SSL_hardening branch January 27, 2022 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anara123 anara123 anara123 approved these changes

@yaakovi yaakovi Awaiting requested review from yaakovi

@Itay4 Itay4 Awaiting requested review from Itay4

@ShahafBenYakir ShahafBenYakir Awaiting requested review from ShahafBenYakir

Assignees
No one assigned
Labels
docs-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wissamg @anara123