From 28eb87f4f558952f259fada7be1ab5b31b8a91ef Mon Sep 17 00:00:00 2001
From: stratakis <cstratak@redhat.com>
Date: Fri, 15 Feb 2019 17:18:58 +0100
Subject: Fixup from test_ssl test_default_ecdh_curve (GH-11877)

Partial backport from cb5b68abdeb1b1d56c581d5b4d647018703d61e3

Co-authored-by: Christian Heimes <christian@python.org>
---
 Lib/test/test_ssl.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 00c8302..01e5432 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2860,6 +2860,9 @@ else:
             # should be enabled by default on SSL contexts.
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
             context.load_cert_chain(CERTFILE)
+            # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
+            # cipher name.
+            context.options |= ssl.OP_NO_TLSv1_3
             # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
             # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
             # our default cipher list should prefer ECDH-based ciphers
-- 
cgit v0.12