Merge pull request #953 from uw-it-aca/task/django-container-2

adjust ssl context for astra
uw-it-aca · Feb 21, 2024 · 9be8ec1 · 9be8ec1
2 parents e09aa43 + 182297b
commit 9be8ec1
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/sis_provisioner/dao/astra.py b/sis_provisioner/dao/astra.py
@@ -27,12 +27,19 @@ def __init__(self, *args, **kwargs):
         self.key_file = settings.ASTRA_KEY
         self.cert_file = settings.ASTRA_CERT
 
+    @property
+    def _ssl_context(self):
+        ctx = ssl.SSLContext()
+        ctx.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
+        ctx.set_ciphers('HIGH:!DH:!aNULL')
+        return ctx
+
     def connect(self):
         sock = socket.create_connection((self.host, self.port), self.timeout)
         if self._tunnel_host:
             self.sock = sock
             self._tunnel()
-        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
+        self.sock = self._ssl_context.wrap_socket(sock)
 
 
 class HTTPSClientAuthHandler(HTTPSHandler):