Fixup from test_ssl test_default_ecdh_curve (GH-11877)

Partial backport from cb5b68abdeb1b1d56c581d5b4d647018703d61e3 Co-authored-by: Christian Heimes <christian@python.org>
author: stratakis <cstratak@redhat.com> 2019-02-15 16:18:58 (GMT)
committer: Victor Stinner <vstinner@redhat.com> 2019-02-15 16:18:58 (GMT)
commit: 28eb87f4f558952f259fada7be1ab5b31b8a91ef (patch)
tree: e30e31b5edba4cdb64f59d777abdfb902a2cb4a3
parent: b8eaec697a2b5d9d2def2950a0aa50e8ffcf1059 (diff)
download: cpython-28eb87f4f558952f259fada7be1ab5b31b8a91ef.zip
cpython-28eb87f4f558952f259fada7be1ab5b31b8a91ef.tar.gz
cpython-28eb87f4f558952f259fada7be1ab5b31b8a91ef.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 00c8302..01e5432 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2860,6 +2860,9 @@ else:
             # should be enabled by default on SSL contexts.
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
             context.load_cert_chain(CERTFILE)
+            # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
+            # cipher name.
+            context.options |= ssl.OP_NO_TLSv1_3
             # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
             # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
             # our default cipher list should prefer ECDH-based ciphers
author	stratakis <cstratak@redhat.com>	2019-02-15 16:18:58 (GMT)
committer	Victor Stinner <vstinner@redhat.com>	2019-02-15 16:18:58 (GMT)
commit	28eb87f4f558952f259fada7be1ab5b31b8a91ef (patch)
tree	e30e31b5edba4cdb64f59d777abdfb902a2cb4a3
parent	b8eaec697a2b5d9d2def2950a0aa50e8ffcf1059 (diff)
download	cpython-28eb87f4f558952f259fada7be1ab5b31b8a91ef.zip cpython-28eb87f4f558952f259fada7be1ab5b31b8a91ef.tar.gz cpython-28eb87f4f558952f259fada7be1ab5b31b8a91ef.tar.bz2