Try to fix buildbot failures on old OpenSSLs (< 1.0.0) - followup to issue #21015

author Antoine Pitrou <solipsis@pitrou.net>

Wed, 16 Apr 2014 16:33:39 +0000 (18:33 +0200)

committer Antoine Pitrou <solipsis@pitrou.net>

Wed, 16 Apr 2014 16:33:39 +0000 (18:33 +0200)
author Antoine Pitrou <solipsis@pitrou.net>
Wed, 16 Apr 2014 16:33:39 +0000 (18:33 +0200)
committer Antoine Pitrou <solipsis@pitrou.net>
Wed, 16 Apr 2014 16:33:39 +0000 (18:33 +0200)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py

index 331d6ba7126d632b678eb1a5524e1accdf2561fb..2b3de1f477e613968f93b44dfb561a4414f35507 100644 (file)
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2593,7 +2593,12 @@ else:
              # should be enabled by default on SSL contexts.
              context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
              context.load_cert_chain(CERTFILE)
-            context.set_ciphers("ECDH")
+            # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
+            # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
+            # our default cipher list should prefer ECDH-based ciphers
+            # automatically.
+            if ssl.OPENSSL_VERSION_INFO < (1, 0, 0):
+                context.set_ciphers("ECCdraft:ECDH")
              with ThreadedEchoServer(context=context) as server:
                  with context.wrap_socket(socket.socket()) as s:
                      s.connect((HOST, server.port))
author	Antoine Pitrou <solipsis@pitrou.net>
	Wed, 16 Apr 2014 16:33:39 +0000 (18:33 +0200)
committer	Antoine Pitrou <solipsis@pitrou.net>
	Wed, 16 Apr 2014 16:33:39 +0000 (18:33 +0200)