Tags: patch there is a patch upstream, a patch to put that into debian/patches is attached.
>From 82016c47a723d23f9199d0f9b9e7b44697d1d78e Mon Sep 17 00:00:00 2001 From: j <j...@mailb.org> Date: Thu, 19 Jan 2017 18:33:51 +0100 Subject: [PATCH] Fix TLS 1.1 and TLS 1.2 support
remove hard coded tls version using upstream commit https://github.com/fritzy/SleekXMPP/commit/6ebcf6b60d879e31e41bac58ba7db6ea760579b9 --- debian/patches/002-fix_tls_version_check.patch | 37 ++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 38 insertions(+) create mode 100644 debian/patches/002-fix_tls_version_check.patch diff --git a/debian/patches/002-fix_tls_version_check.patch b/debian/patches/002-fix_tls_version_check.patch new file mode 100644 index 0000000..a7ffa59 --- /dev/null +++ b/debian/patches/002-fix_tls_version_check.patch @@ -0,0 +1,37 @@ +From 6ebcf6b60d879e31e41bac58ba7db6ea760579b9 Mon Sep 17 00:00:00 2001 +From: Chris Snijder <ch...@greenhost.nl> +Date: Mon, 2 May 2016 11:43:49 +0200 +Subject: [PATCH] Use ssl.get_protocol_name() to find out which TLS version is + in use (allows the latest TLS versions to be used as well as any future + versions). + +--- + sleekxmpp/xmlstream/xmlstream.py | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py +index 62d4610..565625c 100644 +--- a/sleekxmpp/xmlstream/xmlstream.py ++++ b/sleekxmpp/xmlstream/xmlstream.py +@@ -464,7 +464,7 @@ def _connect(self, reattempt=True): + if self.reconnect_delay is None: + delay = 1.0 + self.reconnect_delay = delay +- ++ + if reattempt: + delay = min(self.reconnect_delay * 2, self.reconnect_max_delay) + delay = random.normalvariate(delay, delay * 0.1) +@@ -839,8 +839,10 @@ def start_tls(self): + to be restarted. + """ + log.info("Negotiating TLS") +- ssl_versions = {3: 'TLS 1.0', 1: 'SSL 3', 2: 'SSL 2/3'} +- log.info("Using SSL version: %s", ssl_versions[self.ssl_version]) ++ log.info( ++ "Using SSL version: %s", ++ ssl.get_protocol_name(self.ssl_version).replace('PROTOCOL_', '', 1) ++ ) + if self.ca_certs is None: + cert_policy = ssl.CERT_NONE + else: diff --git a/debian/patches/series b/debian/patches/series index fdc4efc..46401a0 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ 0001-get-rid-of-embedded-copies-dateutil-gnupg-ordereddic.patch +002-fix_tls_version_check.patch -- 2.11.0
