@@ -207,23 +207,22 @@ def __init__(
207207 async def run (self ) -> AsyncIterator [None ]:
208208 self .log .info (f"Starting Daemon Server ({ self .self_hostname } :{ self .daemon_port } )" )
209209
210- # Note: the minimum_version has been already set to TLSv1_2
210+ # Note: the minimum_version has been already set to TLSv1_3
211211 # in ssl_context_for_server()
212- # Daemon is internal connections, so override to TLSv1_3 only unless specified in the config
213- if ssl .HAS_TLSv1_3 and not self .net_config .get ("daemon_allow_tls_1_2" , False ):
214- try :
215- self .ssl_context .minimum_version = ssl .TLSVersion .TLSv1_3
216- except ValueError :
217- # in case the attempt above confused the config, set it again (likely not needed but doesn't hurt)
218- self .ssl_context .minimum_version = ssl .TLSVersion .TLSv1_2
219-
220- if self .ssl_context .minimum_version is not ssl .TLSVersion .TLSv1_3 :
221- self .log .warning (
222- (
223- "Deprecation Warning: Your version of SSL (%s) does not support TLS1.3. "
224- "A future version of Chia will require TLS1.3."
225- ),
226- ssl .OPENSSL_VERSION ,
212+ # Daemon is internal connections, so override to TLSv1_2 only if specified in the config
213+ if self .net_config .get ("daemon_allow_tls_1_2" , False ):
214+ self .ssl_context .minimum_version = ssl .TLSVersion .TLSv1_2
215+ self .ssl_context .set_ciphers (
216+ "ECDHE-ECDSA-AES256-GCM-SHA384:"
217+ "ECDHE-RSA-AES256-GCM-SHA384:"
218+ "ECDHE-ECDSA-CHACHA20-POLY1305:"
219+ "ECDHE-RSA-CHACHA20-POLY1305:"
220+ "ECDHE-ECDSA-AES128-GCM-SHA256:"
221+ "ECDHE-RSA-AES128-GCM-SHA256:"
222+ "ECDHE-ECDSA-AES256-SHA384:"
223+ "ECDHE-RSA-AES256-SHA384:"
224+ "ECDHE-ECDSA-AES128-SHA256:"
225+ "ECDHE-RSA-AES128-SHA256"
227226 )
228227
229228 self .state_changed_task = create_referenced_task (self ._process_state_changed_queue ())
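Review bot: Lowering minimum_version to TLSv1_2 at 213-214 is now silent — the removed branch logged a warning whenever TLS 1.3 was not in effect, and nothing replaces it, so an operator who sets daemon_allow_tls_1_2 gets no record in the daemon log that it accepts the weaker protocol. I would log it at the top of the branch, e.g. `self.log.warning("daemon_allow_tls_1_2 is set: daemon will accept TLS 1.2 connections")`. The last four entries of the set_ciphers list (`ECDHE-*-AES256-SHA384`, `ECDHE-*-AES128-SHA256`) are CBC/HMAC suites rather than AEAD; the AEAD suites precede them so they only win when a client offers nothing else, but they stay negotiable, so unless a known client needs them I would drop them or add a comment naming that client. As far as I know set_ciphers() only governs the TLS ≤1.2 cipher list, so it has no effect on the default TLS 1.3 path, which seems to be the intent but is worth stating in the comment at 212. The body of run() continues past the end of the hunk.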