Added --ssl=<PROTOCOL_VERSION>

Closes #98

httpie/cli.py

@@ -20,7 +20,7 @@ from httpie.input import (HTTPieArgumentParser,
                           OUT_RESP_BODY, OUTPUT_OPTIONS,
                           OUTPUT_OPTIONS_DEFAULT, PRETTY_MAP,
                           PRETTY_STDOUT_TTY_ONLY, SessionNameValidator,
-                          readable_file_arg)
+                          readable_file_arg, SSL_VERSION_ARG_MAPPING)
 
 
 class HTTPieHelpFormatter(RawDescriptionHelpFormatter):
@@ -485,29 +485,6 @@ network.add_argument(
     """
 )
 
-network.add_argument(
-    '--cert',
-    default=None,
-    type=readable_file_arg,
-    help="""
-    You can specify a local cert to use as client side SSL certificate.
-    This file may either contain both private key and certificate or you may
-    specify --cert-key separately.
-
-    """
-)
-
-network.add_argument(
-    '--cert-key',
-    default=None,
-    type=readable_file_arg,
-    help="""
-    The private key to use with SSL. Only needed if --cert is given and the
-    certificate file does not contain the private key.
-
-    """
-)
-
 network.add_argument(
     '--timeout',
     type=float,
@@ -537,6 +514,46 @@ network.add_argument(
 )
 
 
+#######################################################################
+# SSL
+#######################################################################
+
+ssl = parser.add_argument_group(title='SSL')
+ssl.add_argument(
+    '--ssl',  # TODO: Maybe something more general, such as --secure-protocol?
+    dest='ssl_version',
+    choices=list(sorted(SSL_VERSION_ARG_MAPPING.keys())),
+    help="""
+    The desired protocol version to use. This will default to
+    SSL v2.3 which will negotiate the highest protocol that both
+    the server and your installation of OpenSSL support. Available protocols
+    may vary depending on OpenSSL installation (only the supported ones
+    are shown here).
+    """
+)
+ssl.add_argument(
+    '--cert',
+    default=None,
+    type=readable_file_arg,
+    help="""
+    You can specify a local cert to use as client side SSL certificate.
+    This file may either contain both private key and certificate or you may
+    specify --cert-key separately.
+
+    """
+)
+
+ssl.add_argument(
+    '--cert-key',
+    default=None,
+    type=readable_file_arg,
+    help="""
+    The private key to use with SSL. Only needed if --cert is given and the
+    certificate file does not contain the private key.
+
+    """
+)
+
 #######################################################################
 # Troubleshooting
 #######################################################################

httpie/client.py

@@ -3,11 +3,13 @@ import sys
 from pprint import pformat
 
 import requests
+from requests.adapters import HTTPAdapter
 from requests.packages import urllib3
 
 from httpie import sessions
 from httpie import __version__
 from httpie.compat import str
+from httpie.input import SSL_VERSION_ARG_MAPPING
 from httpie.plugins import plugin_manager
 
 
@@ -27,8 +29,23 @@ JSON = 'application/json'
 DEFAULT_UA = 'HTTPie/%s' % __version__
 
 
-def get_requests_session():
+class HTTPieHTTPAdapter(HTTPAdapter):
+
+    def __init__(self, ssl_version=None, **kwargs):
+        self._ssl_version = ssl_version
+        super(HTTPieHTTPAdapter, self).__init__(**kwargs)
+
+    def init_poolmanager(self, *args, **kwargs):
+        kwargs['ssl_version'] = self._ssl_version
+        super(HTTPieHTTPAdapter, self).init_poolmanager(*args, **kwargs)
+
+
+def get_requests_session(ssl_version):
     requests_session = requests.Session()
+    requests_session.mount(
+        'https://',
+        HTTPieHTTPAdapter(ssl_version=ssl_version)
+    )
     for cls in plugin_manager.get_transport_plugins():
         transport_plugin = cls()
         requests_session.mount(prefix=transport_plugin.prefix,
@@ -38,7 +55,12 @@ def get_requests_session():
 
 def get_response(args, config_dir):
     """Send the request and return a `request.Response`."""
-    requests_session = get_requests_session()
+
+    ssl_version = None
+    if args.ssl_version:
+        ssl_version = SSL_VERSION_ARG_MAPPING[args.ssl_version]
+
+    requests_session = get_requests_session(ssl_version)
     requests_session.max_redirects = args.max_redirects
 
     if not args.session and not args.session_read_only:

httpie/input.py

@@ -2,6 +2,7 @@
 
 """
 import os
+import ssl
 import sys
 import re
 import errno
@@ -103,6 +104,20 @@ OUTPUT_OPTIONS_DEFAULT = OUT_RESP_HEAD + OUT_RESP_BODY
 OUTPUT_OPTIONS_DEFAULT_STDOUT_REDIRECTED = OUT_RESP_BODY
 
 
+SSL_VERSION_ARG_MAPPING = {
+    'ssl2.3': 'PROTOCOL_SSLv23',
+    'ssl3': 'PROTOCOL_SSLv3',
+    'tls1': 'PROTOCOL_TLSv1',
+    'tls1.1': 'PROTOCOL_TLSv1_1',
+    'tls1.2': 'PROTOCOL_TLSv1_2',
+}
+SSL_VERSION_ARG_MAPPING = dict(
+    (cli_arg, getattr(ssl, ssl_constant))
+    for cli_arg, ssl_constant in SSL_VERSION_ARG_MAPPING.items()
+    if hasattr(ssl, ssl_constant)
+)
+
+
 class HTTPieArgumentParser(ArgumentParser):
     """Adds additional logic to `argparse.ArgumentParser`.