Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 1 | From 946a7969345c6697697effd226ec396d3fea05b7 Mon Sep 17 00:00:00 2001 |
| 2 | From: Dimitri John Ledkov <xnox@ubuntu.com> |
| 3 | Date: Fri, 28 Sep 2018 17:30:19 +0100 |
| 4 | Subject: [PATCH 4/4] bpo-34836: fix test_default_ecdh_curve, needs no tlsv1.3. |
| 5 | |
| 6 | Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> |
| 7 | |
| 8 | https://bugs.python.org/issue34836 |
| 9 | |
| 10 | Patch taken from Ubuntu. |
| 11 | Upstream-Status: Submitted [https://github.com/python/cpython/pull/9626] |
| 12 | |
| 13 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> |
| 14 | --- |
| 15 | Lib/test/test_ssl.py | 3 +++ |
| 16 | 1 file changed, 3 insertions(+) |
| 17 | |
| 18 | diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py |
| 19 | index efc906a5ba..4a3286cd5f 100644 |
| 20 | --- a/Lib/test/test_ssl.py |
| 21 | +++ b/Lib/test/test_ssl.py |
| 22 | @@ -2836,6 +2836,9 @@ else: |
| 23 | # should be enabled by default on SSL contexts. |
| 24 | context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) |
| 25 | context.load_cert_chain(CERTFILE) |
| 26 | + # TLSv1.3 defaults to PFS key agreement and no longer has KEA in |
| 27 | + # cipher name. |
| 28 | + context.options |= ssl.OP_NO_TLSv1_3 |
| 29 | # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled |
| 30 | # explicitly using the 'ECCdraft' cipher alias. Otherwise, |
| 31 | # our default cipher list should prefer ECDH-based ciphers |
| 32 | -- |
| 33 | 2.17.1 |
| 34 | |