diff options
| author | Benjamin Peterson <benjamin@python.org> | 2015-11-11 22:38:41 -0800 |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2015-11-11 22:38:41 -0800 |
| commit | 10aaca9941ac6e7658de4586c8e9b28a0e9bd4b3 (patch) | |
| tree | 9f2310e7cc17f1a2104dc761a46a91ba811f240c /Modules/_ssl.c | |
| parent | 59d451d68fb738b7d9c45d72f7d4f64c4c708f09 (diff) | |
| download | cpython-git-10aaca9941ac6e7658de4586c8e9b28a0e9bd4b3.tar.gz | |
always set OP_NO_SSLv3 by default (closes #25530)
Diffstat (limited to 'Modules/_ssl.c')
| -rw-r--r-- | Modules/_ssl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index a327ae289c..398a43aaf8 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2046,6 +2046,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; if (proto_version != PY_SSL_VERSION_SSL2) options |= SSL_OP_NO_SSLv2; + if (proto_version != PY_SSL_VERSION_SSL3) + options |= SSL_OP_NO_SSLv3; SSL_CTX_set_options(self->ctx, options); #ifndef OPENSSL_NO_ECDH |