diff options
Diffstat (limited to 'Modules/_ssl.c')
| -rw-r--r-- | Modules/_ssl.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 4b02d8d..8789d00 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1737,6 +1737,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) char *kwlist[] = {"protocol", NULL}; PySSLContext *self; int proto_version = PY_SSL_VERSION_SSL23; + long options; SSL_CTX *ctx = NULL; if (!PyArg_ParseTupleAndKeywords( @@ -1782,8 +1783,10 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) #endif /* Defaults */ SSL_CTX_set_verify(self->ctx, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_options(self->ctx, - SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); + options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + if (proto_version != PY_SSL_VERSION_SSL2) + options |= SSL_OP_NO_SSLv2; + SSL_CTX_set_options(self->ctx, options); #define SID_CTX "Python" SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX, |