Update daemon specific option
emlowe committed Dec 20, 2024
1 parent 7c06c13 commit 6d734ba
Showing 1 changed file with 16 additions and 8 deletions.
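--- a/chia/daemon/server.py
+++ b/chia/daemon/server.py
@@ -193,15 +193,23 @@ def __init__(
 async def run(self) -> AsyncIterator[None]:
 self.log.info(f"Starting Daemon Server ({self.self_hostname}:{self.daemon_port})")
 
-# Note: the minimum_version has been already set to TLSv1_2
+# Note: the minimum_version has been already set to TLSv1_3
 # in ssl_context_for_server()
-# Daemon is internal connections, so override to TLSv1_3 only unless specified in the config
-if ssl.HAS_TLSv1_3 and not self.net_config.get("daemon_allow_tls_1_2", False):
-try:
-self.ssl_context.minimum_version = ssl.TLSVersion.TLSv1_3
-except ValueError:
-# in case the attempt above confused the config, set it again (likely not needed but doesn't hurt)
-self.ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+# Daemon is internal connections, so override to TLSv1_2 only if specified in the config
+if self.net_config.get("daemon_allow_tls_1_2", False):
+self.ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+self.ssl_context.set_ciphers(
+"ECDHE-ECDSA-AES256-GCM-SHA384:"
+"ECDHE-RSA-AES256-GCM-SHA384:"
+"ECDHE-ECDSA-CHACHA20-POLY1305:"
+"ECDHE-RSA-CHACHA20-POLY1305:"
+"ECDHE-ECDSA-AES128-GCM-SHA256:"
+"ECDHE-RSA-AES128-GCM-SHA256:"
+"ECDHE-ECDSA-AES256-SHA384:"
+"ECDHE-RSA-AES256-SHA384:"
+"ECDHE-ECDSA-AES128-SHA256:"
+"ECDHE-RSA-AES128-SHA256"
+)
 
 if self.ssl_context.minimum_version is not ssl.TLSVersion.TLSv1_3:
 self.log.warning(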
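Review bot: The cipher string passed to `set_ciphers()` on the `daemon_allow_tls_1_2` path ends with four CBC-mode suites (`ECDHE-ECDSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA384`, `ECDHE-ECDSA-AES128-SHA256`, `ECDHE-RSA-AES128-SHA256`), so opting into TLS 1.2 also opts into non-AEAD ciphers. Unless a known daemon client needs them, I would end the list at the GCM/ChaCha20 entries, i.e. finish with `"ECDHE-RSA-AES128-GCM-SHA256"` and drop the four lines after it. `set_ciphers()` only governs TLS 1.2 and below, so this does not affect TLS 1.3 connections. The removed code guarded on `ssl.HAS_TLSv1_3`; the new code relies on `ssl_context_for_server()` having set the TLS 1.3 floor, which is not visible here, so a short comment such as `# TLS 1.3 floor (and any fallback for builds without it) is handled in ssl_context_for_server()` would help. Indentation is lost on this page, so I am assuming the `set_ciphers()` call sits inside the `if`; `run()` continues outside the hunk.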
