feat(utils): extend create_tcp_connection utility (#568)

Paweł Szulik · StephenSorriaux · commit ab0cd00c1262 · 2019-08-06T19:18:41.000+02:00
Add parameters to setup SSL context options and ciphers when playing with secure connection.
It can be set via a handler:
```
class MySequentialThreadingHandler(SequentialThreadingHandler):
    def create_connection(self, *args, **kwargs):
        return create_tcp_connection(socket, options=MY_OPTIONS, ciphers=MY_CIPHERS,
                                     *args, **kwargs)
```
diff --git a/kazoo/handlers/utils.py b/kazoo/handlers/utils.py
@@ -191,7 +191,7 @@ def create_tcp_socket(module):
 def create_tcp_connection(module, address, timeout=None,
                           use_ssl=False, ca=None, certfile=None,
                           keyfile=None, keyfile_password=None,
-                          verify_certs=True):
+                          verify_certs=True, options=None, ciphers=None):
     end = None
     if timeout is None:
         # thanks to create_connection() developers for
@@ -211,8 +211,16 @@ def create_tcp_connection(module, address, timeout=None,
         if use_ssl:
             # Disallow use of SSLv2 and V3 (meaning we require TLSv1.0+)
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-            context.options |= ssl.OP_NO_SSLv2
-            context.options |= ssl.OP_NO_SSLv3
+
+            if options is not None:
+                context.options = options
+            else:
+                context.options |= ssl.OP_NO_SSLv2
+                context.options |= ssl.OP_NO_SSLv3
+
+            if ciphers:
+                context.set_ciphers(ciphers)
+
             # Load default CA certs
             context.load_default_certs(ssl.Purpose.SERVER_AUTH)
             context.verify_mode = (
