Add ssl protocol and ciphers in config

config

@@ -25,6 +25,10 @@ ssl = False
 certificate = /etc/apache2/ssl/server.crt
 # SSL private key
 key = /etc/apache2/ssl/server.key
+# SSL Protocol used. See python's ssl module for available values
+protocol = PROTOCOL_SSLv23
+# Ciphers available. See python's ssl module for available ciphers
+ciphers = None
 # Reverse DNS to resolve client address in logs
 dns_lookup = True
 # Root URL of Radicale (starting and ending with a slash)

radicale/__init__.py

@@ -98,7 +98,9 @@ class HTTPSServer(HTTPServer):
             server_side=True,
             certfile=config.get("server", "certificate"),
             keyfile=config.get("server", "key"),
-            ssl_version=ssl.PROTOCOL_SSLv23)
+            ssl_version=getattr(ssl, config.get("server", "protocol"),
+                                ssl.PROTOCOL_SSLv23),
+            ciphers=config.get("server", "ciphers"))
 
         self.server_bind()
         self.server_activate()
@@ -271,8 +273,7 @@ class Application(object):
         authorization = environ.get("HTTP_AUTHORIZATION", None)
 
         if authorization:
-            authorization = \
-                authorization.decode("ascii").lstrip("Basic").strip()
+            authorization = authorization.lstrip("Basic").strip()
             user, password = self.decode(base64.b64decode(
                 authorization.encode("ascii")), environ).split(":", 1)
         else:

radicale/config.py

@@ -45,6 +45,8 @@ INITIAL_CONFIG = {
         "ssl": "False",
         "certificate": "/etc/apache2/ssl/server.crt",
         "key": "/etc/apache2/ssl/server.key",
+        "protocol": "PROTOCOL_SSLv23",
+        "ciphers": None,
         "dns_lookup": "True",
         "base_prefix": "/",
         "realm": "Radicale - Password Required"},