[WebUI][Daemon] Enhance TLS Security

This applies the following for both WebUI and Daemon:
1. Raised minimal TLS version to TLSv1.2
2. Added specific cipher suite list
3. Added support for ECDSA auth keys
4. Added support for ECDHE key exchange algorithm

We disabled the ability to perform TLS/SSL renegotiation and therefore
will prevent the clients from renegotiating, which can be exploited for
DoS attacks.

New security tests now will be skipped when running `pydef` and `trial`
testenvs. To run the test, use the testenv `security` or add the environment
variable `SECURITY_TESTS` before running the tests. Also should only run when
adding to the commit message the string `SECURITY_TEST`.
This commit is contained in:
DjLegolas
2018-06-24 20:39:04 +03:00
committed by Calum Lind
parent 456e720b75
commit b9a9e06c1d
7 changed files with 297 additions and 44 deletions


@ -52,7 +52,11 @@ log_cli_level = CRITICAL
[testenv:pydef]
commands =
python -c "import libtorrent as lt; print(lt.__version__)"
pytest -v --basetemp=_pytest_temp -s -m "not (todo or gtkui)" deluge/tests
pytest -v --basetemp=_pytest_temp -s -m "not (todo or gtkui or security)" deluge/tests
[testenv:security]
setenv = SECURITY_TESTS = True
commands = pytest -v --basetemp=_pytest_temp -s -m "security" deluge/tests/
[testenv:pygtkui]
commands = pytest -v --basetemp=_pytest_temp -s -m "gtkui" deluge/tests
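Review bot: In the `[testenv:pydef]` command, `-m "not (todo or gtkui or security)"` deselects the security tests by marker regardless of `SECURITY_TESTS`, so exporting that variable before running this env will not run them, while `[testenv:security]` gates on both `setenv = SECURITY_TESTS = True` and `-m "security"`. State in a comment here or in the test docs which of the two gates is authoritative, and confirm the `security` marker is registered in the pytest configuration so that a mistyped marker does not silently select nothing. Minor: the new command targets `deluge/tests/` with a trailing slash where the other envs use `deluge/tests`.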