From 1624793088cb7eb8fb96b9510c7c3e3e3804d244 Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Tue, 25 Nov 2014 10:59:05 -0600 Subject: [PATCH] Add more TLS protocols to rabbit impl Python 2.7.9 added PROTOCOL_TLSv1_1 and PROTOCOL_TLSv1_2, so these are added to the allowed kombu_ssl_version values. See https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLSv1_1 Change-Id: I1dd590d916ab524284a941db91b9cb81fd4639bb --- oslo/messaging/_drivers/impl_rabbit.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/oslo/messaging/_drivers/impl_rabbit.py b/oslo/messaging/_drivers/impl_rabbit.py index 0c786ed7b..45ce81a85 100644 --- a/oslo/messaging/_drivers/impl_rabbit.py +++ b/oslo/messaging/_drivers/impl_rabbit.py @@ -41,8 +41,9 @@ rabbit_opts = [ cfg.StrOpt('kombu_ssl_version', default='', help='SSL version to use (valid only if SSL enabled). ' - 'valid values are TLSv1 and SSLv23. SSLv2 and ' - 'SSLv3 may be available on some distributions.' + 'Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, ' + 'TLSv1_1, and TLSv1_2 may be available on some ' + 'distributions.' ), cfg.StrOpt('kombu_ssl_keyfile', default='', @@ -499,15 +500,18 @@ class Connection(object): "sslv23": ssl.PROTOCOL_SSLv23 } - try: - _SSL_PROTOCOLS["sslv2"] = ssl.PROTOCOL_SSLv2 - except AttributeError: - pass - - try: - _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3 - except AttributeError: - pass + _OPTIONAL_PROTOCOLS = { + 'sslv2': 'PROTOCOL_SSLv2', + 'sslv3': 'PROTOCOL_SSLv3', + 'tlsv1_1': 'PROTOCOL_TLSv1_1', + 'tlsv1_2': 'PROTOCOL_TLSv1_2', + } + for protocol in _OPTIONAL_PROTOCOLS: + try: + _SSL_PROTOCOLS[protocol] = getattr(ssl, + _OPTIONAL_PROTOCOLS[protocol]) + except AttributeError: + pass @classmethod def validate_ssl_version(cls, version):