From ed197d8fb18c9067c2994b87610d564e2e4f5bec Mon Sep 17 00:00:00 2001
From: marco370 <48531002-marco370@users.noreply.replit.com>
Date: Tue, 25 Nov 2025 17:58:02 +0000
Subject: [PATCH] Improve MikroTik connection by supporting legacy SSL protocols

Adds a custom SSL context to `httpx.AsyncClient` to allow connections to MikroTik devices using older TLS versions and cipher suites, specifically addressing SSL handshake failures.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: c7f10319-c117-454c-bfc1-1bd3a59078cd
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/jFtLBWL
---
 python_ml/mikrotik_manager.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/python_ml/mikrotik_manager.py b/python_ml/mikrotik_manager.py
index 69d0650..74a3f00 100644
--- a/python_ml/mikrotik_manager.py
+++ b/python_ml/mikrotik_manager.py
@@ -5,6 +5,7 @@ Più veloce e affidabile di SSH per 10+ router
 import httpx
 import asyncio
+import ssl
 from typing import List, Dict, Optional
 from datetime import datetime
 import hashlib
@@ -34,11 +35,27 @@ class MikroTikManager:
 "Authorization": f"Basic {auth}",
 "Content-Type": "application/json"
 }
+
+ # SSL context per MikroTik (supporta protocolli TLS legacy)
+ ssl_context = None
+ if protocol == "https":
+ ssl_context = ssl.create_default_context()
+ ssl_context.check_hostname = False
+ ssl_context.verify_mode = ssl.CERT_NONE
+ # Abilita protocolli TLS legacy per MikroTik (TLS 1.0+)
+ try:
+ ssl_context.minimum_version = ssl.TLSVersion.TLSv1
+ except AttributeError:
+ # Python < 3.7 fallback
+ pass
+ # Abilita cipher suite legacy per compatibilità
+ ssl_context.set_ciphers('DEFAULT@SECLEVEL=1')
+
 self.clients[key] = httpx.AsyncClient(
 base_url=f"{protocol}://{router_ip}:{port}",
 headers=headers,
 timeout=self.timeout,
- verify=False # Disable SSL verification for self-signed certs
+ verify=ssl_context if ssl_context else True
 )
 return self.clients[key]
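Review bot: The new `ssl_context` pairs `verify_mode = ssl.CERT_NONE` with a TLS 1.0 floor and `DEFAULT@SECLEVEL=1` for every `https` router, and the same client carries the `Authorization: Basic` header built at the top of the hunk, so the router credentials travel over a channel that is neither authenticated nor restricted to current protocol versions. Verification was already off before this commit (`verify=False`), but the protocol and cipher downgrade is new and unconditional; I would apply `ssl_context.minimum_version = ssl.TLSVersion.TLSv1` and `ssl_context.set_ciphers('DEFAULT@SECLEVEL=1')` only behind a per-router opt-in (a new flag, e.g. `if legacy_tls:`) and log a warning whenever it is taken. For the self-signed certificates, building the context with `ssl.create_default_context(cafile=<path to the router's certificate or CA>)` would keep peer authentication instead of dropping it. The `except AttributeError` fallback looks unreachable on any Python version httpx supports and could be removed. The enclosing method starts and ends outside the hunk, so where such an opt-in would be passed in cannot be seen from here.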