Add option --use-all-ciphers

moodle_dl/downloader/task.py

@@ -311,7 +311,7 @@ async def get_head_infos(self, dl_url: str) -> HeadInfo:
         @return: If download should be aborted then None; else HeadInfo
         """
         ssl_context = SslHelper.get_ssl_context(
-            self.opts.global_opts.skip_cert_verify, self.opts.global_opts.allow_insecure_ssl
+            self.opts.global_opts.skip_cert_verify, self.opts.global_opts.allow_insecure_ssl, self.opts.global_opts.use_all_ciphers
         )
         async with aiohttp.ClientSession(cookie_jar=self.get_cookie_jar(), raise_for_status=True) as session:
             try:
@@ -819,7 +819,7 @@ async def download_url(self, dl_url: str, dest_path: str, timeout: int = None):
         file_obj = None
         headers = self.RQ_HEADER.copy()
         ssl_context = SslHelper.get_ssl_context(
-            self.opts.global_opts.skip_cert_verify, self.opts.global_opts.allow_insecure_ssl
+            self.opts.global_opts.skip_cert_verify, self.opts.global_opts.allow_insecure_ssl, self.opts.global_opts.use_all_ciphers
         )
         with Timer() as watch:
             async with aiohttp.ClientSession(cookie_jar=self.get_cookie_jar(), raise_for_status=True) as session:

moodle_dl/main.py

@@ -459,6 +459,14 @@ def _dir_path(path):
         action='store_true',
         help='Allow connections to unpatched servers. Use this option if your server uses a very old SSL version.',
     )
+    parser.add_argument(
+        '-uac',
+        '--use-all-ciphers',
+        dest='use_all_ciphers',
+        default=False,
+        action='store_true',
+        help='Allow connections to servers that use insecure ciphers. Use this option if your server uses an insecure cipher.',
+    )
     parser.add_argument(
         '-scv',
         '--skip-cert-verify',

moodle_dl/moodle/request_helper.py

@@ -62,7 +62,7 @@ def post_URL(self, url: str, data: Dict[str, str] = None, cookie_jar_path: str =
         if data is not None:
             data_urlencoded = self.recursive_urlencode(data)
 
-        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl)
+        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl, self.opts.use_all_ciphers)
         if cookie_jar_path is not None:
             session.cookies = MoodleDLCookieJar(cookie_jar_path)
 
@@ -91,7 +91,7 @@ def get_URL(self, url: str, cookie_jar_path: str = None):
         @return: The resulting Response object.
         """
 
-        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl)
+        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl, self.opts.use_all_ciphers)
         if cookie_jar_path is not None:
             session.cookies = MoodleDLCookieJar(cookie_jar_path)
 
@@ -123,7 +123,7 @@ async def async_post(self, function: str, data: Dict[str, str] = None, timeout:
         data = self._get_POST_DATA(function, self.token, data)
         data_urlencoded = self.recursive_urlencode(data)
         url = self._get_REST_POST_URL(self.url_base, function)
-        ssl_context = SslHelper.get_ssl_context(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl)
+        ssl_context = SslHelper.get_ssl_context(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl, self.opts.use_all_ciphers)
 
         error_ctr = 0
         async with self.semaphore, aiohttp.ClientSession() as session:
@@ -181,7 +181,7 @@ def post(self, function: str, data: Dict[str, str] = None, timeout: int = 60) ->
         data_urlencoded = self.recursive_urlencode(data)
         url = self._get_REST_POST_URL(self.url_base, function)
 
-        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl)
+        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl, self.opts.use_all_ciphers)
         error_ctr = 0
         while error_ctr <= self.MAX_RETRIES:
             try:
@@ -249,7 +249,7 @@ def get_login(self, data: Dict[str, str]) -> object:
         @return: The JSON response returned by the Moodle System, already
         checked for errors.
         """
-        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl)
+        session = SslHelper.custom_requests_session(self.opts.skip_cert_verify, self.opts.allow_insecure_ssl, self.opts.use_all_ciphers)
         try:
             response = session.post(
                 f'{self.url_base}login/token.php',

moodle_dl/notifications/discord/discord_shooter.py

@@ -37,7 +37,9 @@ def send(self, embeds: List):
 
     def send_data(self, data: Dict):
 
-        session = SslHelper.custom_requests_session(skip_cert_verify=False, allow_insecure_ssl=False)
+        session = SslHelper.custom_requests_session(
+            skip_cert_verify=False, allow_insecure_ssl=False, use_all_ciphers=False
+        )
         for webhook_url in self.discord_webhooks:
             try:
                 response = session.post(webhook_url, data=json.dumps(data), headers=self.RQ_HEADER, timeout=60)

moodle_dl/notifications/telegram/telegram_shooter.py

@@ -23,7 +23,7 @@ def send(self, message: str):
         url = f'https://api.telegram.org/bot{self.telegram_token}/sendMessage'
         data_urlencoded = urllib.parse.urlencode(payload)
 
-        session = SslHelper.custom_requests_session(skip_cert_verify=False, allow_insecure_ssl=False)
+        session = SslHelper.custom_requests_session(skip_cert_verify=False, allow_insecure_ssl=False, , use_all_ciphers=False)
         try:
             response = session.post(url, data=data_urlencoded, headers=self.RQ_HEADER, timeout=60)
         except RequestException as error:

moodle_dl/types.py

@@ -272,6 +272,7 @@ class MoodleDlOpts:
     without_downloading_files: bool
     max_path_length_workaround: bool
     allow_insecure_ssl: bool
+    use_all_ciphers: bool
     skip_cert_verify: bool
     verbose: bool
     quiet: bool

moodle_dl/utils.py

@@ -786,7 +786,7 @@ def load_default_certs(cls, ssl_context: ssl.SSLContext):
 
     @classmethod
     @lru_cache(maxsize=4)
-    def get_ssl_context(cls, skip_cert_verify: bool, allow_insecure_ssl: bool):
+    def get_ssl_context(cls, skip_cert_verify: bool, allow_insecure_ssl: bool, use_all_ciphers: bool):
         if not skip_cert_verify:
             ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
             cls.load_default_certs(ssl_context)
@@ -799,6 +799,8 @@ def get_ssl_context(cls, skip_cert_verify: bool, allow_insecure_ssl: bool):
             # Be warned the insecure renegotiation allows an attack, see:
             # https://nvd.nist.gov/vuln/detail/CVE-2009-3555
             ssl_context.options |= 0x4  # set ssl.OP_LEGACY_SERVER_CONNECT bit
+        if use_all_ciphers:
+            ssl_context.set_ciphers('ALL')
 
         return ssl_context
 
@@ -818,12 +820,12 @@ def init_poolmanager(self, connections, maxsize, block=False, **pool_kwargs):
             )
 
     @classmethod
-    def custom_requests_session(cls, skip_cert_verify: bool, allow_insecure_ssl: bool):
+    def custom_requests_session(cls, skip_cert_verify: bool, allow_insecure_ssl: bool, use_all_ciphers: bool):
         """
         Return a new requests session with custom SSL context
         """
         session = requests.Session()
-        ssl_context = cls.get_ssl_context(skip_cert_verify, allow_insecure_ssl)
+        ssl_context = cls.get_ssl_context(skip_cert_verify, allow_insecure_ssl, use_all_ciphers)
         session.mount('https://', cls.CustomHttpAdapter(ssl_context))
         session.verify = not skip_cert_verify
         return session

moodle_dl/version.py

@@ -1 +1 @@
-__version__ = '2.3.8'
+__version__ = '2.3.9'