1# SPDX-License-Identifier: GPL-2.0-only 2# This file is part of Scapy 3# See https://scapy.net/ for more information 4# Copyright (C) Gabriel Potter 5 6""" 7Create a duplicate of the OpenSSL config to be able to use TLS < 1.2 8This returns the path to this new config file. 9""" 10 11import os 12import re 13import subprocess 14import tempfile 15 16# Get OpenSSL config file 17OPENSSL_DIR = re.search( 18 b"OPENSSLDIR: \"(.*)\"", 19 subprocess.Popen( 20 ["openssl", "version", "-d"], 21 stdout=subprocess.PIPE 22 ).communicate()[0] 23).group(1).decode() 24OPENSSL_CONFIG = os.path.join(OPENSSL_DIR, 'openssl.cnf') 25 26# https://www.openssl.org/docs/manmaster/man5/config.html 27DATA = b""" 28openssl_conf = openssl_init 29 30[openssl_init] 31ssl_conf = ssl_configuration 32 33[ssl_configuration] 34system_default = tls_system_default 35 36[tls_system_default] 37MinProtocol = TLSv1 38CipherString = DEFAULT:@SECLEVEL=0 39Options = UnsafeLegacyRenegotiation 40""".strip() 41 42# Copy and edit 43with tempfile.NamedTemporaryFile(suffix=".cnf", delete=False) as fd: 44 fd.write(DATA) 45 print(fd.name) 46