| Gabriel Cuba | 8b7a395 | 2022-11-02 17:21:50 -0500 | [diff] [blame^] | 1 | import logging |
| 2 | import ssl |
| 3 | |
| 4 | logger = logging.getLogger("osm_ee.util_grpc") |
| 5 | |
| 6 | SERVER_CERT = "/etc/ssl/grpc-tls/tls.crt" |
| 7 | SERVER_KEY = "/etc/ssl/grpc-tls/tls.key" |
| 8 | |
| 9 | |
| 10 | def create_secure_context() -> ssl.SSLContext: |
| 11 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 12 | # ctx.verify_mode = ssl.CERT_REQUIRED |
| 13 | try: |
| 14 | ctx.load_cert_chain(str(SERVER_CERT), str(SERVER_KEY)) |
| 15 | except FileNotFoundError: |
| 16 | logger.warning("TLS Certificate not found, starting gRPC server in unsecure mode") |
| 17 | return None |
| 18 | # TODO: client TLS |
| 19 | # ctx.load_verify_locations(str(trusted)) |
| 20 | ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20') |
| 21 | ctx.set_alpn_protocols(['h2']) |
| 22 | try: |
| 23 | ctx.set_npn_protocols(['h2']) |
| 24 | except NotImplementedError: |
| 25 | pass |
| 26 | return ctx |