From 95b616480e7c17d85c2c3623bd2f6be51fd42139 Mon Sep 17 00:00:00 2001
From: Antoine Pitrou <solipsis@pitrou.net>
Date: Fri, 17 Oct 2014 19:28:30 +0200
Subject: [PATCH] Backport disabling of SSLv3 in ssl._create_stdlib_context()
 (issue #22638).

The backport currently doesn't achieve anything since the function isn't used (yet).
---
 Lib/ssl.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Lib/ssl.py b/Lib/ssl.py
index dea893cf77..025aadeff4 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -445,6 +445,9 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, cert_reqs=None,
     context = SSLContext(protocol)
     # SSLv2 considered harmful.
     context.options |= OP_NO_SSLv2
+    # SSLv3 has problematic security and is only required for really old
+    # clients such as IE6 on Windows XP
+    context.options |= OP_NO_SSLv3
 
     if cert_reqs is not None:
         context.verify_mode = cert_reqs
-- 
2.50.1