Allow older version of ssl and older ciphers (#14)

related issue home-assistant/core#91130
openvideolibs · Apr 13, 2023 · 721b48d · 721b48d
1 parent 4bf547c
commit 721b48d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/onvif/client.py b/onvif/client.py
@@ -30,14 +30,15 @@
 def create_no_verify_ssl_context() -> ssl.SSLContext:
     """Return an SSL context that does not verify the server certificate.
     This is a copy of aiohttp's create_default_context() function, with the
-    ssl verify turned off.
+    ssl verify turned off and old SSL versions enabled.
+
     https://github.com/aio-libs/aiohttp/blob/33953f110e97eecc707e1402daa8d543f38a189b/aiohttp/connector.py#L911
     """
     sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-    sslcontext.options |= ssl.OP_NO_SSLv2
-    sslcontext.options |= ssl.OP_NO_SSLv3
     sslcontext.check_hostname = False
     sslcontext.verify_mode = ssl.CERT_NONE
+    # Allow all ciphers rather than only Python 3.10 default
+    sslcontext.set_ciphers("DEFAULT")
     with contextlib.suppress(AttributeError):
         # This only works for OpenSSL >= 1.0.0
         sslcontext.options |= ssl.OP_NO_COMPRESSION