From: Antoine Pitrou <solipsis@pitrou.net>
Date: Wed, 16 Apr 2014 16:33:39 +0000 (+0200)
Subject: Try to fix buildbot failures on old OpenSSLs (< 1.0.0) - followup to issue #21015
X-Git-Tag: v3.4.1rc1~61
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c04306166711bd0a12a4cf3f1b8c68fd0fb7e959;p=python

Try to fix buildbot failures on old OpenSSLs (< 1.0.0) - followup to issue #21015
---

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 331d6ba712..2b3de1f477 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2593,7 +2593,12 @@ else:
             # should be enabled by default on SSL contexts.
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
             context.load_cert_chain(CERTFILE)
-            context.set_ciphers("ECDH")
+            # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
+            # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
+            # our default cipher list should prefer ECDH-based ciphers
+            # automatically.
+            if ssl.OPENSSL_VERSION_INFO < (1, 0, 0):
+                context.set_ciphers("ECCdraft:ECDH")
             with ThreadedEchoServer(context=context) as server:
                 with context.wrap_socket(socket.socket()) as s:
                     s.connect((HOST, server.port))