commit | a9dcdabccb1a1f7c76030c0b188ecaf7ab599e57 | [log] [tgz] |
---|---|---|
author | Benjamin Peterson <benjamin@python.org> | Wed Nov 11 22:38:41 2015 -0800 |
committer | Benjamin Peterson <benjamin@python.org> | Wed Nov 11 22:38:41 2015 -0800 |
tree | 2882780efa009d163ef576cc082efa65d050c88e | |
parent | eda06c8f5e7d7ed5ff79c2c5296253f8f14b7f28 [diff] [blame] |
always set OP_NO_SSLv3 by default (closes #25530)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 3e9996e..63a0f9c 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c
@@ -2037,6 +2037,8 @@ options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; if (proto_version != PY_SSL_VERSION_SSL2) options |= SSL_OP_NO_SSLv2; + if (proto_version != PY_SSL_VERSION_SSL3) + options |= SSL_OP_NO_SSLv3; SSL_CTX_set_options(self->ctx, options); #ifndef OPENSSL_NO_ECDH