From d2b5c433b1588ebf01b31617874c0c33392aa8e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Berg?=
 <32747776+MisterMountain@users.noreply.github.com>
Date: Wed, 30 Oct 2024 14:15:26 +0100
Subject: [PATCH 1/2] enforce lowlevel ciphers for legacy environments by
 ctx.set_ciphers

---
 check_brevisone | 1 +
 1 file changed, 1 insertion(+)

diff --git a/check_brevisone b/check_brevisone
index 62085fd..2541eb8 100755
--- a/check_brevisone
+++ b/check_brevisone
@@ -171,6 +171,7 @@ def get_data(base_url, timeout, insecure):
     # Default context for connection
     ctx = ssl.create_default_context()
     if insecure is True:
+        ctx.set_ciphers("DHE-RSA-AES256-GCM-SHA384:@SECLEVEL=1")
         ctx.check_hostname = False
         ctx.verify_mode = ssl.CERT_NONE
 

From 1f5e66e9cd6a4e6623aa5c6728de0a7e01d70c01 Mon Sep 17 00:00:00 2001
From: Markus Opolka <markus.opolka@tutanota.com>
Date: Thu, 3 Apr 2025 11:02:16 +0200
Subject: [PATCH 2/2] Update check_brevisone

---
 check_brevisone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/check_brevisone b/check_brevisone
index 2541eb8..bc0b7c9 100755
--- a/check_brevisone
+++ b/check_brevisone
@@ -171,7 +171,7 @@ def get_data(base_url, timeout, insecure):
     # Default context for connection
     ctx = ssl.create_default_context()
     if insecure is True:
-        ctx.set_ciphers("DHE-RSA-AES256-GCM-SHA384:@SECLEVEL=1")
+        ctx.set_ciphers("ALL:@SECLEVEL=0")
         ctx.check_hostname = False
         ctx.verify_mode = ssl.CERT_NONE