nylas / sync-engine

IMAP/SMTP sync system with modern APIs
https://nylas.com/docs/platform
GNU Affero General Public License v3.0

Use more secure TLS validation #328

Closed pfista closed 8 years ago

pfista commented 8 years ago

Upgrades gevent, requests, and urllib3 to get support for the latest TLS protocol versions. In some cases, users were unable to verify their webhooks hosted on services like AWS because AWS rejects insecure SSLv3 and SSLv2 (for good reason!).

Note: This commit also contains a temporary hack due to our inability to upgrade from openssl 1.0.1 on our base OS. Certificate verification will fail when making requests to servers with cross-signed certificates, so we must rely on certifi which currently retains older, insecure 1024-bit keys.

spang commented 8 years ago

Can you update this to the latest version of the sync engine repo? The changes in general LGTM, but the dependency changes conflict with the consolidation I pushed through yesterday.

pfista commented 8 years ago

@spang It's up to date now with the latest commits
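
The client-side policy this pull request is after (refuse SSLv2/SSLv3, keep certificate verification on, optionally point at a specific CA bundle), written as an added example that is not code from the pull request or from the sync-engine repo. The function names and the TLS 1.2 floor are assumptions made for the example; it uses only Python's standard `ssl` module.

```python
import ssl

MIN_TLS = ssl.TLSVersion.TLSv1_2  # assumption: policy floor chosen for this example


def hardened_client_context(cafile=None):
    """Client context with certificate and hostname verification on and old protocols refused.

    cafile: optional path to a CA bundle (for example the path returned by
    certifi.where()); None uses the operating system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = MIN_TLS  # rules out SSLv3, TLS 1.0 and TLS 1.1
    return ctx


def legacy_style_context():
    """Constructed 'before' case: a client context with verification switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context meets the policy."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname checking disabled")
    if ctx.minimum_version < MIN_TLS:
        findings.append("protocol floor below " + MIN_TLS.name)
    return findings


if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_style_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or "ok")
```

Running `audit_context` over every context an HTTP client is built with is a cheap regression check after dependency upgrades like the one discussed here.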