twisted · KaviHarjani · Apr 24, 2024 · Apr 24, 2024 · Apr 25, 2024 · Apr 25, 2024
diff --git a/NEWS.rst b/NEWS.rst
@@ -3873,7 +3873,7 @@ Twisted Core 15.4.0 (2015-09-04)
 ================================
 
 This is the last Twisted release where Python 2.6 is supported, on any
-platform. 
+platform.
 
 Features
 --------

diff --git a/src/twisted/internet/endpoints.py b/src/twisted/internet/endpoints.py
@@ -1382,6 +1382,7 @@ def _parseSSL(
  privateKey="server.pem",
  certKey=None,
  sslmethod=None,
+ cipher=None,
  interface="",
  backlog=50,
  extraCertChain=None,
@@ -1414,6 +1415,9 @@ def _parseSSL(
  constant in C{OpenSSL.SSL}.
  @type sslmethod: C{str}
 
+ @param cipher: A string containing a list of cipher values, formatted as comma-separated values.
+ @type cipher: C{str}
+
  @param extraCertChain: The path of a file containing one or more
  certificates in PEM format that establish the chain from a root CA to
  the CA that signed your C{certKey}.
@@ -1466,6 +1470,10 @@ def _parseSSL(
  dhParameters=dhParameters,
  **kw,
  )
+
+ if cipher:
+ cipher_bytes = cipher.replace(",", ":").encode("ascii")
+ cf.getContext().set_cipher_list(cipher_bytes)
  return ((int(port), factory, cf), {"interface": interface, "backlog": int(backlog)})
 
 
@@ -1768,6 +1776,13 @@ def serverFromString(reactor, description):
  file name (C{certKey}) isn't provided, the private key file is assumed to
  contain the certificate as well.
 
+ For custom cipher list, you can make use of the 'cipher' keyword and a comma seperated
+ string as below::
+
+ serverFromString(
+ reactor, "ssl:443:privateKey=key.pem:certKey=crt.pem:cipher=ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256"
+ )
+
  You may escape colons in arguments with a backslash, which you will need to
  use if you want to specify a full pathname argument on Windows::
 

diff --git a/src/twisted/internet/test/test_endpoints.py b/src/twisted/internet/test/test_endpoints.py
@@ -3259,6 +3259,27 @@
  ctx = server._sslContextFactory.getContext()
  self.assertIsInstance(ctx, ContextType)
 
+ @skipIf(skipSSL, skipSSLReason)
+ def test_sslWithCustomCipher(self):
+ """
+ A cipher list is supported, using the OpenSSL format.
+ The colon (:) from the OpenSSL format is replaced with a comma (,).
+ """
+ reactor = object()
+ server = (
+ endpoints.serverFromString(
+ reactor,
+ "ssl:1234:backlog=12:privateKey=%s:"
+ "certKey=%s:cipher=ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ALL,!ADH,"
+ "@STRENGTH,+RSA,-DSA,SHA1+DES"
+ % (escapedPEMPathName, escapedPEMPathName),
+ ),
+ )
+ self.assertIsInstance(server, endpoints.SSL4ServerEndpoint)
+ self.assertEqual(server._sslContextFactory.method, TLSv1_2_METHOD)
+ ctx = server._sslContextFactory.getContext()
+ self.assertIsInstance(ctx, ContextType)
+
  def test_unix(self):
  """
  When passed a UNIX strports description, L{endpoint.serverFromString}

diff --git a/src/twisted/newsfragments/12134.feature b/src/twisted/newsfragments/12134.feature
@@ -0,0 +1 @@
+Added support for `cipher` in `serverFromString` function