apply TLS minimums on 3.6 too

diff --git a/dns/asyncquery.py b/dns/asyncquery.py
index e5a318390f26dbe72fb856966c25861f8ca36ad7..13f687fb37501d9c42191cf2b3d4973b7bd65b39 100644 (file)
--- a/dns/asyncquery.py
+++ b/dns/asyncquery.py
@@ -335,6 +335,8 @@ async def tls(q, where, timeout=None, port=853, source=None, source_port=0,
             ssl_context = ssl.create_default_context()  # lgtm[py/insecure-protocol]
             if sys.version_info >= (3, 7):
                 ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+            else:
+                ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
             if server_hostname is None:
                 ssl_context.check_hostname = False
         else:

diff --git a/dns/query.py b/dns/query.py
index 875fcc0f9ab3a9e94ea471ba715e861931fd9a1a..19894df65913bde5b3da704d74f174040f182799 100644 (file)
--- a/dns/query.py
+++ b/dns/query.py
@@ -869,6 +869,8 @@ def tls(q, where, timeout=None, port=853, source=None, source_port=0,
         ssl_context = ssl.create_default_context()  # lgtm[py/insecure-protocol]
         if sys.version_info >= (3, 7):
             ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+        else:
+            ssl_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
         if server_hostname is None:
             ssl_context.check_hostname = False