bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976) Change TLS 1.3 cipher suite settings for compatibility with OpenSSL 1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by default. Also update multissltests and Travis config to test with latest OpenSSL. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit e8eb6cb7920ded66abc5d284319a8539bdc2bae3) Co-authored-by: Christian Heimes <christian@python.org>

commit: cd57b48ef9a70b7ef693ba52aaf38d7c945ab5d3 [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Tue May 22 14:40:46 2018 -0700
committer: GitHub <noreply@github.com> Tue May 22 14:40:46 2018 -0700
tree: 0cdf62589860b0e2d1a9e1d476bcb47ff860ac32
parent: 1f22a3003e0d5f125cfbcd6872ccdb92e7f2d798 [diff] [blame]
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index dcb2666..2ccea13 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst

@@ -169,11 +169,6 @@
 
      3DES was dropped from the default cipher string.
 
-   .. versionchanged:: 3.7
-
-     TLS 1.3 cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
-     and TLS_CHACHA20_POLY1305_SHA256 were added to the default cipher string.
-
 
 Exceptions
 ^^^^^^^^^^
@@ -1601,6 +1596,9 @@
       when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
       give the currently selected cipher.
 
+      OpenSSL 1.1.1 has TLS 1.3 cipher suites enabled by default. The suites
+      cannot be disabled with :meth:`~SSLContext.set_ciphers`.
+
 .. method:: SSLContext.set_alpn_protocols(protocols)
 
    Specify which protocols the socket should advertise during the SSL/TLS
commit	cd57b48ef9a70b7ef693ba52aaf38d7c945ab5d3	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Tue May 22 14:40:46 2018 -0700
committer	GitHub <noreply@github.com>	Tue May 22 14:40:46 2018 -0700
tree	0cdf62589860b0e2d1a9e1d476bcb47ff860ac32
parent	1f22a3003e0d5f125cfbcd6872ccdb92e7f2d798 [diff] [blame]