From 1624793088cb7eb8fb96b9510c7c3e3e3804d244 Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Tue, 25 Nov 2014 10:59:05 -0600
Subject: [PATCH] Add more TLS protocols to rabbit impl

Python 2.7.9 added PROTOCOL_TLSv1_1 and PROTOCOL_TLSv1_2, so these
are added to the allowed kombu_ssl_version values.

See https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLSv1_1

Change-Id: I1dd590d916ab524284a941db91b9cb81fd4639bb
---
 oslo/messaging/_drivers/impl_rabbit.py | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/oslo/messaging/_drivers/impl_rabbit.py b/oslo/messaging/_drivers/impl_rabbit.py
index 0c786ed7b..45ce81a85 100644
--- a/oslo/messaging/_drivers/impl_rabbit.py
+++ b/oslo/messaging/_drivers/impl_rabbit.py
@@ -41,8 +41,9 @@ rabbit_opts = [
     cfg.StrOpt('kombu_ssl_version',
                default='',
                help='SSL version to use (valid only if SSL enabled). '
-                    'valid values are TLSv1 and SSLv23. SSLv2 and '
-                    'SSLv3 may be available on some distributions.'
+                    'Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, '
+                    'TLSv1_1, and TLSv1_2 may be available on some '
+                    'distributions.'
                ),
     cfg.StrOpt('kombu_ssl_keyfile',
                default='',
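Review bot: The new `kombu_ssl_version` help text lists SSLv2 and SSLv3 next to TLSv1_1 and TLSv1_2 under the same "may be available on some distributions" wording, so an operator cannot tell that the first two are obsolete protocols that should not be selected. Per the commit message, TLSv1_1 and TLSv1_2 depend on the Python version (2.7.9 is cited) rather than on the distribution. I would word the tail as `'TLSv1_1 and TLSv1_2 require Python 2.7.9 or later and should be preferred. SSLv2 and SSLv3 are insecure and may be available on some distributions.'` The help also spells the values in mixed case while the lookup table in the second hunk uses lowercase keys, so it presumably relies on the validator lowercasing its input, which is not visible here. The `rabbit_opts` list starts before and continues past this hunk.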
@@ -499,15 +500,18 @@ class Connection(object):
         "sslv23": ssl.PROTOCOL_SSLv23
     }
 
-    try:
-        _SSL_PROTOCOLS["sslv2"] = ssl.PROTOCOL_SSLv2
-    except AttributeError:
-        pass
-
-    try:
-        _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
-    except AttributeError:
-        pass
+    _OPTIONAL_PROTOCOLS = {
+        'sslv2': 'PROTOCOL_SSLv2',
+        'sslv3': 'PROTOCOL_SSLv3',
+        'tlsv1_1': 'PROTOCOL_TLSv1_1',
+        'tlsv1_2': 'PROTOCOL_TLSv1_2',
+    }
+    for protocol in _OPTIONAL_PROTOCOLS:
+        try:
+            _SSL_PROTOCOLS[protocol] = getattr(ssl,
+                                               _OPTIONAL_PROTOCOLS[protocol])
+        except AttributeError:
+            pass
 
     @classmethod
     def validate_ssl_version(cls, version):
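Review bot: The `for protocol in _OPTIONAL_PROTOCOLS:` loop runs directly in the class body, so `protocol` is left behind as an attribute of `Connection` holding whichever key was iterated last. Nothing in the hunk reads it, but it is an accidental name on the class that a later attribute or subclass could collide with. Feeding a generator to `update` keeps the loop names out of the class namespace: `_SSL_PROTOCOLS.update((name, getattr(ssl, attr)) for name, attr in _OPTIONAL_PROTOCOLS.items() if hasattr(ssl, attr))`. Adding `del protocol` after the loop is the smaller alternative. The `Connection` class begins before the hunk and `validate_ssl_version` continues past it.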