
We have a Python (2.7) web service:
app.py

...
import web
import sys
import argparse
import traceback
from web.wsgiserver import CherryPyWSGIServer
...
URLS = ('/svc/healthcheck', 'Healthcheck')
CherryPyWSGIServer.ssl_certificate = '/etc/appk_service/ssl/ksvc_ssl.crt'
CherryPyWSGIServer.ssl_private_key = '/etc/appk_service/ssl/ksvc_ssl.key'
...
if __name__ == '__main__':
    LOGGER.info('setting env')
    try:
        parser = argparse.ArgumentParser()
        parser.add_argument(
            '--test',
            action='store_const',
            const=setenv_test,
            default=setenv,
            dest='action')
        args, left = parser.parse_known_args()
        args.action()
        sys.argv = sys.argv[:1] + left
    except Exception:
        LOGGER.error(traceback.format_exc())

    LOGGER.info('starting app')
    start()
...
def start():
    '''method to start the application'''
    LOGGER.info('initializing urls')
    app = web.application(URLS, globals())
    app.run(Log)

Now, this is started by specifying the port using the command:

nohup python app.py 9918

Can anyone please suggest where and how I can configure this web service to only allow TLS 1.1 and 1.2?
Currently, it also allows SSL 2 and SSL 3, and we need to restrict this to only the TLS 1.1 and 1.2 protocols.

Is this something to be handled in code or in some config like OS-level environment variables?

Xavier DSouza
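
An added example, not part of the original question and not web.py's own code: one way to do this in code is through the standard `ssl` module's option bits, shown here for a server context that refuses SSLv2, SSLv3 and TLS 1.0, with a check of what the options still permit. The names `build_server_context` and `still_permitted` are hypothetical, and attaching the context to web.py's bundled CherryPy server depends on the web.py version and is not shown.

```python
import ssl
import warnings

# Protocols the question wants refused, paired with the ssl option bit that
# excludes each one. A bit of 0 means the linked OpenSSL defines no such option
# (OpenSSL 1.1.0 and later dropped SSLv2), so there is nothing left to exclude.
REFUSED = [
    ("SSLv2", ssl.OP_NO_SSLv2),
    ("SSLv3", ssl.OP_NO_SSLv3),
    ("TLSv1.0", ssl.OP_NO_TLSv1),
]


def build_server_context(certfile=None, keyfile=None):
    """Return a context that refuses SSLv2, SSLv3 and TLS 1.0.

    Needs ssl.SSLContext, i.e. Python 2.7.9 or later. TLS 1.1 and 1.2 stay
    enabled; versions newer than 1.2 are not touched here.
    """
    with warnings.catch_warnings():
        # Recent Python 3 releases warn about these legacy names; they still work.
        warnings.simplefilter("ignore", DeprecationWarning)
        # PROTOCOL_SSLv23 means "negotiate the highest version both sides allow".
        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
        for _name, bit in REFUSED:
            ctx.options |= bit
    if certfile:
        # Paths are supplied by the caller, e.g. the .crt/.key pair from app.py.
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def still_permitted(options):
    """List the protocols from REFUSED that an options bitmask does not exclude."""
    return [name for name, bit in REFUSED if bit and not (options & bit)]


if __name__ == "__main__":
    hardened = build_server_context()
    print("hardened context still permits: %s" % still_permitted(hardened.options))
    print("empty options mask permits: %s" % still_permitted(0))
```

`still_permitted` only reads the option bits; a minimum version imposed by the Python build or by the system OpenSSL configuration can restrict the handshake further.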