diff options
author | Donald Stufft <donald@stufft.io> | 2017-03-02 12:37:07 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-02 12:37:07 -0500 |
commit | f1a696efd6ca674579e25de29ec4053ff5a5ade1 (patch) | |
tree | 9cdc2a2104608ee8d2023c9c45e447956d5fd071 /Modules/_ssl.c | |
parent | 951496913ef022fae6677431c274f3a7fe79d255 (diff) | |
download | cpython-git-f1a696efd6ca674579e25de29ec4053ff5a5ade1.tar.gz |
bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-399)
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index a92710077c..4fff16f6f4 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2166,12 +2166,12 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) options |= SSL_OP_NO_SSLv3; SSL_CTX_set_options(self->ctx, options); -#ifndef OPENSSL_NO_ECDH +#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1) /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use prime256v1 by default. This is Apache mod_ssl's initialization policy, so we should be safe. OpenSSL 1.1 has it enabled by default. */ -#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) +#if defined(SSL_CTX_set_ecdh_auto) SSL_CTX_set_ecdh_auto(self->ctx, 1); #else { |