serve_header: replace deprecated ssl.wrap_socket()

2022-08-01 15:13:43 +02:00 · 2022-08-01 15:13:43 +02:00 · d354ac42c2
commit d354ac42c2
parent adb12cd94f
1 changed files with 5 additions and 5 deletions
--- a/tools/serve_header/serve_header.py
+++ b/tools/serve_header/serve_header.py
@ -388,11 +388,11 @@ if __name__ == '__main__':
            if https.get('enabled', True):
                cert_file = https.get('cert_file', 'localhost.pem')
                key_file = https.get('key_file', 'localhost-key.pem')
-                ssl.minimum_version = ssl.TLSVersion.TLSv1_3
-                ssl.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
-                httpd.socket = ssl.wrap_socket(httpd.socket,
-                    certfile=cert_file, keyfile=key_file,
-                    server_side=True, ssl_version=ssl.PROTOCOL_TLS)
+                ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+                ssl_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
+                ssl_ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
+                ssl_ctx.load_cert_chain(cert_file, key_file)
+                httpd.socket = ssl_ctx.wrap_socket(httpd.socket, server_side=True)
                scheme = 'HTTPS'
            host, port = httpd.socket.getsockname()[:2]
            log.info(f'serving {scheme} on {host} port {port}')