From 784ba7c8ad53638c94270011d55d2536ff0cd2dd Mon Sep 17 00:00:00 2001
From: Donald Stufft <donald@stufft.io>
Date: Thu, 2 Mar 2017 12:32:13 -0500
Subject: [PATCH] bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (#397)

---
 Modules/_ssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index b198857060..c0a7b8e105 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2729,12 +2729,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
 #endif
 
 
-#ifndef OPENSSL_NO_ECDH
+#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1)
     /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
        prime256v1 by default.  This is Apache mod_ssl's initialization
        policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
      */
-#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
+#if defined(SSL_CTX_set_ecdh_auto)
     SSL_CTX_set_ecdh_auto(self->ctx, 1);
 #else
     {
-- 
2.50.1