@@ -78,13 +78,13 @@ def printUsage(s=None):
7878 server
7979 [-c CERT] [-k KEY] [-t TACK] [-v VERIFIERDB] [-d DIR] [-l LABEL] [-L LENGTH]
8080 [--reqcert] [--param DHFILE] [--psk PSK] [--psk-ident IDENTITY]
81- [--psk-sha384] [--ssl3] [--max-ver VER] [--tickets COUNT]
81+ [--psk-sha384] [--ssl3] [--max-ver VER] [--tickets COUNT] [--cipherlist]
8282 HOST:PORT
8383
8484 client
8585 [-c CERT] [-k KEY] [-u USER] [-p PASS] [-l LABEL] [-L LENGTH] [-a ALPN]
8686 [--psk PSK] [--psk-ident IDENTITY] [--psk-sha384] [--resumption] [--ssl3]
87- [--max-ver VER]
87+ [--max-ver VER] [--cipherlist]
8888 HOST:PORT
8989
9090 LABEL - TLS exporter label
@@ -100,6 +100,8 @@ def printUsage(s=None):
100100 "tls1.3"
101101 --tickets COUNT - how many tickets should server send after handshake is
102102 finished
103+ --cipherlist - comma separated ciphers to enable. For ex. aes128ccm,3des
104+ You can specify this option multiple times.
103105 CERT, KEY - the file with key and certificates that will be used by client or
104106 server. The server can accept multiple pairs of `-c` and `-k` options
105107 to configure different certificates (like RSA and ECDSA)
@@ -156,6 +158,7 @@ def handleArgs(argv, argString, flagsList=[]):
156158 ssl3 = False
157159 max_ver = None
158160 tickets = None
161+ ciphers = []
159162
160163 for opt , arg in opts :
161164 if opt == "-k" :
@@ -227,6 +230,8 @@ def handleArgs(argv, argString, flagsList=[]):
227230 max_ver = ver_to_tuple (arg )
228231 elif opt == "--tickets" :
229232 tickets = int (arg )
233+ elif opt == "--cipherlist" :
234+ ciphers .append (arg )
230235 else :
231236 assert (False )
232237
@@ -287,6 +292,8 @@ def handleArgs(argv, argString, flagsList=[]):
287292 retList .append (max_ver )
288293 if "tickets=" in flagsList :
289294 retList .append (tickets )
295+ if "cipherlist=" in flagsList :
296+ retList .append (ciphers )
290297 return retList
291298
292299
@@ -351,9 +358,10 @@ def clientCmd(argv):
351358 (address , privateKey , cert_chain , virtual_hosts , username , password ,
352359 expLabel ,
353360 expLength , alpn , psk , psk_ident , psk_hash , resumption , ssl3 ,
354- max_ver ) = \
361+ max_ver , cipherlist ) = \
355362 handleArgs (argv , "kcuplLa" , ["psk=" , "psk-ident=" , "psk-sha384" ,
356- "resumption" , "ssl3" , "max-ver=" ])
363+ "resumption" , "ssl3" , "max-ver=" ,
364+ "cipherlist=" ])
357365
358366 if (cert_chain and not privateKey ) or (not cert_chain and privateKey ):
359367 raise SyntaxError ("Must specify CERT and KEY together" )
@@ -379,7 +387,9 @@ def clientCmd(argv):
379387 settings .minVersion = (3 , 0 )
380388 if max_ver :
381389 settings .maxVersion = max_ver
382-
390+ if cipherlist :
391+ settings .cipherNames = [item for cipher in cipherlist
392+ for item in cipher .split (',' )]
383393 try :
384394 start = time_stamp ()
385395 if username and password :
@@ -484,11 +494,11 @@ def serverCmd(argv):
484494 (address , privateKey , cert_chain , virtual_hosts , tacks , verifierDB ,
485495 directory , reqCert ,
486496 expLabel , expLength , dhparam , psk , psk_ident , psk_hash , ssl3 ,
487- max_ver , tickets ) = \
497+ max_ver , tickets , cipherlist ) = \
488498 handleArgs (argv , "kctbvdlL" ,
489499 ["reqcert" , "param=" , "psk=" ,
490500 "psk-ident=" , "psk-sha384" , "ssl3" , "max-ver=" ,
491- "tickets=" ])
501+ "tickets=" , "cipherlist=" ])
492502
493503
494504 if (cert_chain and not privateKey ) or (not cert_chain and privateKey ):
@@ -530,6 +540,9 @@ def serverCmd(argv):
530540 if max_ver :
531541 settings .maxVersion = max_ver
532542 settings .virtual_hosts = virtual_hosts
543+ if cipherlist :
544+ settings .cipherNames = [item for cipher in cipherlist
545+ for item in cipher .split (',' )]
533546
534547 class MySimpleHTTPHandler (SimpleHTTPRequestHandler , object ):
535548 """Buffer the header and body of HTTP message."""
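Review bot: The `--cipherlist` values are split on `,` and assigned to `settings.cipherNames` unchanged in both clientCmd and serverCmd, so an entry with surrounding whitespace, or an empty entry left by a trailing comma, is passed through. Such an entry is presumably rejected only later, when the settings are validated, rather than reported as a usage error. Flattening once in handleArgs, e.g. `ciphers.extend(c.strip() for c in arg.split(',') if c.strip())`, would remove the duplicated comprehension and let both commands assign the list directly. The usage synopsis shows `[--cipherlist]` without a value although the option is registered as `cipherlist=`; `[--cipherlist CIPHERS]` would match the other options. The help line should also say that the list replaces the default cipher set rather than adding to it, since the `3des` in its example is a legacy cipher that should only be enabled deliberately.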