twisted · KaviHarjani · Apr 24, 2024 · Apr 24, 2024 · Apr 25, 2024 · Apr 25, 2024
diff --git a/NEWS.rst b/NEWS.rst
@@ -3873,7 +3873,7 @@ Twisted Core 15.4.0 (2015-09-04)
 ================================
 
 This is the last Twisted release where Python 2.6 is supported, on any
-platform. 
+platform.
 
 Features
 --------
@@ -4417,6 +4417,7 @@ Twisted Core 15.0.0 (2015-01-24)
 
 Features
 --------
+ - twisted.internet.endpoints adding support for cipher in `serverFromString`(#12134)
  - twisted.internet.protocol.ClientFactory (and subclasses) may now
  return None from buildProtocol to immediately close the connection.
  (#710)

diff --git a/src/twisted/internet/endpoints.py b/src/twisted/internet/endpoints.py
@@ -1382,6 +1382,7 @@ def _parseSSL(
  privateKey="server.pem",
  certKey=None,
  sslmethod=None,
+ cipher=None,
  interface="",
  backlog=50,
  extraCertChain=None,
@@ -1466,6 +1467,10 @@ def _parseSSL(
  dhParameters=dhParameters,
  **kw,
  )
+
+ if cipher:
+ if isinstance(cipher, str):
+ cf.getContext().set_cipher_list(str.encode(cipher.replace(",", ":")))
  return ((int(port), factory, cf), {"interface": interface, "backlog": int(backlog)})
 
 

diff --git a/src/twisted/internet/test/test_endpoints.py b/src/twisted/internet/test/test_endpoints.py
@@ -3259,6 +3259,29 @@
  ctx = server._sslContextFactory.getContext()
  self.assertIsInstance(ctx, ContextType)
 
+ @skipIf(skipSSL, skipSSLReason)
+ def test_sslWithCustomCipher(self):
+ """
+ Test adding custom cipher to the serverFromString function.
+ """
+ reactor = object()
+ server = (
+ endpoints.serverFromString(
+ reactor,
+ "ssl:1234:backlog=12:privateKey=%s:"
+ "certKey=%s:sslmethod=TLSv1_2_METHOD:interface=10.0.0.1:cipher=ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256"
+ % (escapedPEMPathName, escapedPEMPathName),
+ ),
+ )
+ self.assertIsInstance(server, endpoints.SSL4ServerEndpoint)
+ self.assertIs(server._reactor, reactor)
+ self.assertEqual(server._port, 1234)
+ self.assertEqual(server._backlog, 12)
+ self.assertEqual(server._interface, "10.0.0.1")
+ self.assertEqual(server._sslContextFactory.method, TLSv1_2_METHOD)
+ ctx = server._sslContextFactory.getContext()
+ self.assertIsInstance(ctx, ContextType)
+
  def test_unix(self):
  """
  When passed a UNIX strports description, L{endpoint.serverFromString}