Fixup from test_ssl test_default_ecdh_curve (GH-11877)

author stratakis <cstratak@redhat.com>

Fri, 15 Feb 2019 16:18:58 +0000 (17:18 +0100)

committer Victor Stinner <vstinner@redhat.com>

Fri, 15 Feb 2019 16:18:58 +0000 (17:18 +0100)
author stratakis <cstratak@redhat.com>
Fri, 15 Feb 2019 16:18:58 +0000 (17:18 +0100)
committer Victor Stinner <vstinner@redhat.com>
Fri, 15 Feb 2019 16:18:58 +0000 (17:18 +0100)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py

index 00c83023f0b1bb2d54b7c2d2951c50b1bd60c5f5..01e543241cfd64a19df2c89c2c22f3f8a464ce4f 100644 (file)
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2860,6 +2860,9 @@ else:
              # should be enabled by default on SSL contexts.
              context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
              context.load_cert_chain(CERTFILE)
+            # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
+            # cipher name.
+            context.options |= ssl.OP_NO_TLSv1_3
              # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
              # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
              # our default cipher list should prefer ECDH-based ciphers
author	stratakis <cstratak@redhat.com>
	Fri, 15 Feb 2019 16:18:58 +0000 (17:18 +0100)
committer	Victor Stinner <vstinner@redhat.com>
	Fri, 15 Feb 2019 16:18:58 +0000 (17:18 +0100)