Relax TLS requirements for HTTP/1.1

Author: Lukasa

hyper/http20/connection.py

@@ -5,7 +5,7 @@
 
 Objects that build hyper's connection-level HTTP/2 abstraction.
 """
-from ..tls import wrap_socket
+from ..tls import wrap_socket, H2_NPN_PROTOCOLS
 from .hpack_compat import Encoder, Decoder
 from .stream import Stream
 from .frame import (
@@ -201,7 +201,10 @@ def connect(self):
         """
         if self._sock is None:
             sock = socket.create_connection((self.host, self.port), 5)
-            sock = wrap_socket(sock, self.host)
+
+            sock, proto = wrap_socket(sock, self.host)
+            assert proto in H2_NPN_PROTOCOLS
+
             self._sock = BufferedSocket(sock, self.network_buffer_size)
 
             # We need to send the connection header immediately on this

hyper/tls.py

@@ -40,17 +40,18 @@ def wrap_socket(sock, server_hostname):
     if _context.check_hostname:  # pragma: no cover
         ssl.match_hostname(ssl_sock.getpeercert(), server_hostname)
 
+    proto = ''
     with ignore_missing():
-        assert ssl_sock.selected_npn_protocol() in H2_NPN_PROTOCOLS
+        proto = ssl_sock.selected_npn_protocol()
 
-    return ssl_sock
+    return (ssl_sock, proto)
 
 
 def _init_context():
     """
     Creates the singleton SSLContext we use.
     """
-    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+    context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
     context.set_default_verify_paths()
     context.load_verify_locations(cafile=cert_loc)
     context.verify_mode = ssl.CERT_REQUIRED

test/server.py

@@ -51,7 +51,7 @@ def _start_server(self):
         sock = socket.socket(socket.AF_INET6)
         if sys.platform != 'win32':
             sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        sock = self.cxt.wrap_socket(sock, server_side=True)
+        sock, proto = self.cxt.wrap_socket(sock, server_side=True)
         sock.bind((self.host, 0))
         self.port = sock.getsockname()[1]