mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 00:48:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

always set OP_NO_SSLv3 by default (closes #25530)

Browse source
This commit is contained in:
Benjamin Peterson 2015-11-11 22:38:41 -08:00
parent eda06c8f5e
commit a9dcdabccb
3 changed files with 14 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Modules/_ssl.c
View file

@ -2037,6 +2037,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
if (proto_version != PY_SSL_VERSION_SSL2)
options |= SSL_OP_NO_SSLv2;
if (proto_version != PY_SSL_VERSION_SSL3)
options |= SSL_OP_NO_SSLv3;
SSL_CTX_set_options(self->ctx, options);
#ifndef OPENSSL_NO_ECDH