Replace deprecated SSLContext constant PROTOCOL_TLS in mqtt (#88214)

Replace deprecated SSLContext constants
2023-02-16 19:01:28 +01:00 · 2023-02-16 19:01:28 +01:00 · 57738fbb8c
parent c79157208b
commit 57738fbb8c
4 changed files with 6 additions and 6 deletions
--- a/homeassistant/components/mqtt/client.py
+++ b/homeassistant/components/mqtt/client.py
@ -329,7 +329,7 @@ class MqttClientSetup:
                certificate,
                certfile=client_cert,
                keyfile=client_key,
-                tls_version=ssl.PROTOCOL_TLS,
+                tls_version=ssl.PROTOCOL_TLS_CLIENT,
            )

            if tls_insecure is not None:
--- a/homeassistant/components/mqtt/config_flow.py
+++ b/homeassistant/components/mqtt/config_flow.py
@ -4,7 +4,7 @@ from __future__ import annotations
 from collections import OrderedDict
 from collections.abc import Callable
 import queue
-from ssl import PROTOCOL_TLS, SSLContext, SSLError
+from ssl import PROTOCOL_TLS_CLIENT, SSLContext, SSLError
 from types import MappingProxyType
 from typing import Any

@ -789,7 +789,7 @@ def check_certicate_chain() -> str | None:
        except (TypeError, ValueError):
            return "bad_client_key"
    # Check the certificate chain
-    context = SSLContext(PROTOCOL_TLS)
+    context = SSLContext(PROTOCOL_TLS_CLIENT)
    if client_certificate and private_key:
        try:
            context.load_cert_chain(client_certificate, private_key)
--- a/homeassistant/util/ssl.py
+++ b/homeassistant/util/ssl.py
@ -23,7 +23,7 @@ def server_context_modern() -> ssl.SSLContext:
    https://wiki.mozilla.org/Security/Server_Side_TLS
    Modern guidelines are followed.
    """
-    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    context.options |= (
        ssl.OP_NO_SSLv2
@ -53,7 +53,7 @@ def server_context_intermediate() -> ssl.SSLContext:
    https://wiki.mozilla.org/Security/Server_Side_TLS
    Intermediate guidelines are followed.
    """
-    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    context.options |= (
        ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_CIPHER_SERVER_PREFERENCE
--- a/tests/components/mqtt/test_init.py
+++ b/tests/components/mqtt/test_init.py
@ -1879,7 +1879,7 @@ async def test_tls_version(
        await mqtt_mock_entry_with_yaml_config()

        assert calls
-        assert calls[0][3] == ssl.PROTOCOL_TLS
+        assert calls[0][3] == ssl.PROTOCOL_TLS_CLIENT


@pytest.mark.parametrize(