diff options
| author | Donald Stufft <donald@stufft.io> | 2017-03-02 17:32:13 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-02 17:32:13 (GMT) |
| commit | 784ba7c8ad53638c94270011d55d2536ff0cd2dd (patch) | |
| tree | d15ef1fb254d2b2d9fef86aba75847dd59449d13 | |
| parent | b05d48e021bc9c0700939978ab1ba300e0407a0e (diff) | |
| download | cpython-784ba7c8ad53638c94270011d55d2536ff0cd2dd.zip cpython-784ba7c8ad53638c94270011d55d2536ff0cd2dd.tar.gz cpython-784ba7c8ad53638c94270011d55d2536ff0cd2dd.tar.bz2 | |
bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (#397)
| -rw-r--r-- | Modules/_ssl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index b198857..c0a7b8e 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2729,12 +2729,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) #endif -#ifndef OPENSSL_NO_ECDH +#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1) /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use prime256v1 by default. This is Apache mod_ssl's initialization policy, so we should be safe. OpenSSL 1.1 has it enabled by default. */ -#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) +#if defined(SSL_CTX_set_ecdh_auto) SSL_CTX_set_ecdh_auto(self->ctx, 1); #else { |