From dafa4827d58acc6f60ec24177689fdb4f69c87d3 Mon Sep 17 00:00:00 2001
From: swee
Date: Wed, 22 Jan 2025 16:20:30 -0800
Subject: [PATCH] Update server.py
---
 server.py | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/server.py b/server.py
index 15b01c3..f0b38b7 100644
--- a/server.py
+++ b/server.py
@@ -140,9 +140,30 @@ for i in restrict_ip.split(" "):
 sockets[i].setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 sockets[i].bind((i,6667))
 sockets[i].listen(1)
+allowedVersions = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3", "SSLv2", "SSLv3"]
+foundVersions = []
 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-context.options |= ssl.OP_NO_TLSv1 # Disable TLS 1.0
-context.options |= ssl.OP_NO_TLSv1_1 # Disable TLS 1.1
+for i in context.get_ciphers():
+ if not i["protocol"] in foundVersions:
+ foundVersions.append(i["protocol"])
+if not "TLSv1.0" in foundVersions:
+ print("[WARN] SSL Context doesn't support TLS 1.0!")
+ context.options |= ssl.OP_NO_TLSv1 # Disable TLS 1.0
+if not "TLSv1.1" in foundVersions:
+ print("[WARN] SSL Context doesn't support TLS 1.1!")
+ context.options |= ssl.OP_NO_TLSv1_1 # Disable TLS 1.1
+if not "TLSv1.2" in foundVersions:
+ print("[WARN] SSL Context doesn't support TLS 1.1!")
+ context.options |= ssl.OP_NO_TLSv1_2 # Disable TLS 1.2
+if not "TLSv1.3" in foundVersions:
+ print("[WARN] SSL Context doesn't support TLS 1.1!")
+ context.options |= ssl.OP_NO_TLSv1_3 # Disable TLS 1.3
+if not "SSLv2" in foundVersions:
+ print("[WARN] SSL Context doesn't support SSL 2!")
+ context.options |= ssl.OP_NO_SSLv2 # Disable SSL 2
+if not "SSLv3" in foundVersions:
+ print("[WARN] SSL Context doesn't support SSL 3!")
+ context.options |= ssl.OP_NO_SSLv3 # Disable SSL 3
 if ssl_option:
 print(f"Loading SSL cert {ssl_cert} with key {ssl_pkey}")
 context.load_cert_chain(ssl_cert, keyfile=ssl_pkey)
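Review bot: Deciding which protocol versions to disable from `context.get_ciphers()` does not give a reliable floor. The `protocol` field of each entry names the version a cipher suite was defined for, not the versions the context will negotiate, so the `if not "TLSv1.0" in foundVersions` and `"SSLv3"` branches skip their `OP_NO_*` option whenever an older suite is in the list. The previous unconditional TLS 1.0/1.1 cut-off then rests on the interpreter and OpenSSL defaults alone. If a fixed floor is intended, state it right after `create_default_context` with `context.minimum_version = ssl.TLSVersion.TLSv1_2` and keep the cipher scan for logging only. Separately, the warnings in the `TLSv1.2` and `TLSv1.3` branches both print "TLS 1.1", and `allowedVersions` is assigned but not used anywhere in this hunk; the `if ssl_option:` block may continue past the end of the hunk.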