authorMatthew <coletdjnz@protonmail.com>2022-11-07 05:37:23 +1300
committerGitHub <noreply@github.com>2022-11-06 22:07:23 +0530
commit5b9f253fa0aee996cf1ed30185d4b502e00609c4 (patch)
tree1fcfa7faca3bd1e29a2391ed8c54ef218897fff0 /yt_dlp/utils.py
parentd715b0e4135fca75b417ee876a4360c58fa3ef6d (diff)
Backport SSL configuration from Python 3.10 (#5437)
Partial fix for https://github.com/yt-dlp/yt-dlp/pull/5294#issuecomment-1289363572, https://github.com/yt-dlp/yt-dlp/issues/4627 Authored by: coletdjnz
Diffstat (limited to 'yt_dlp/utils.py')
-rw-r--r--yt_dlp/utils.py17
1 files changed, 15 insertions, 2 deletions
diff --git a/yt_dlp/utils.py b/yt_dlp/utils.py
index 7eef2c9cd..ef4cc904c 100644
--- a/yt_dlp/utils.py
+++ b/yt_dlp/utils.py
@@ -985,6 +985,18 @@ def make_HTTPS_handler(params, **kwargs):
context.options |= 4 # SSL_OP_LEGACY_SERVER_CONNECT
# Allow use of weaker ciphers in Python 3.10+. See https://bugs.python.org/issue43998
context.set_ciphers('DEFAULT')
+ elif sys.version_info < (3, 10) and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
+ # Backport the default SSL ciphers and minimum TLS version settings from Python 3.10 [1].
+ # This is to ensure consistent behavior across Python versions, and help avoid fingerprinting
+ # in some situations [2][3].
+ # Python 3.10 only supports OpenSSL 1.1.1+ [4]. Because this change is likely
+ # untested on older versions, we only apply this to OpenSSL 1.1.1+ to be safe.
+ # 1. https://github.com/python/cpython/commit/e983252b516edb15d4338b0a47631b59ef1e2536
+ # 2. https://github.com/yt-dlp/yt-dlp/issues/4627
+ # 3. https://github.com/yt-dlp/yt-dlp/pull/5294
+ # 4. https://peps.python.org/pep-0644/
+ context.set_ciphers('@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM')
+ context.minimum_version = ssl.TLSVersion.TLSv1_2
context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE
if opts_check_certificate:
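Review bot: The new `elif` guard keys only on `ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)`, and interpreters linked against LibreSSL typically report a 2.x or higher tuple there, so they would likely take this branch as well. The comment's own rationale is to apply the settings only where Python 3.10 is tested, and that does not cover LibreSSL; if the library rejects part of the cipher string, `set_ciphers` raises `ssl.SSLError` while the handler is being built. Consider extending the condition with `and not ssl.OPENSSL_VERSION.startswith('LibreSSL')` until that combination has been checked. The `if` this branch chains onto starts above the hunk. As far as the visible lines show, that legacy path keeps `set_ciphers('DEFAULT')` without a minimum TLS version, which deserves a short comment so the two paths are not assumed to be equally strict.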
@@ -1982,12 +1994,13 @@ def system_identifier():
with contextlib.suppress(OSError): # We may not have access to the executable
libc_ver = platform.libc_ver()
- return 'Python %s (%s %s) - %s %s' % (
+ return 'Python %s (%s %s) - %s (%s%s)' % (
platform.python_version(),
python_implementation,
platform.architecture()[0],
platform.platform(),
- format_field(join_nonempty(*libc_ver, delim=' '), None, '(%s)'),
+ ssl.OPENSSL_VERSION,
+ format_field(join_nonempty(*libc_ver, delim=' '), None, ', %s'),
)
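Review bot: The parenthesised tail of the identifier changes meaning in the `return` here: it previously held only the libc version (and was presumably omitted when that was empty), whereas it now always appears, with `ssl.OPENSSL_VERSION` first and libc as an optional `, %s` suffix. A one-line comment above the format string would keep that clear, for example `# (TLS library[, libc]): the TLS build determines which ciphers and protocol versions are available`. Six positional `%s` placeholders are also easy to misalign when another field is added, so building the parenthesised part in a named local first would read more clearly. `system_identifier` begins above the hunk.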