From: stratakis <cstratak@redhat.com>
Date: Fri, 15 Feb 2019 16:18:58 +0000 (+0100)
Subject: Fixup from test_ssl test_default_ecdh_curve (GH-11877)
X-Git-Tag: v2.7.16rc1~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28eb87f4f558952f259fada7be1ab5b31b8a91ef;p=thirdparty%2FPython%2Fcpython.git

Fixup from test_ssl test_default_ecdh_curve (GH-11877)

Partial backport from cb5b68abdeb1b1d56c581d5b4d647018703d61e3

Co-authored-by: Christian Heimes <christian@python.org>
---

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 00c83023f0b1..01e543241cfd 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2860,6 +2860,9 @@ else:
             # should be enabled by default on SSL contexts.
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
             context.load_cert_chain(CERTFILE)
+            # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
+            # cipher name.
+            context.options |= ssl.OP_NO_TLSv1_3
             # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
             # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
             # our default cipher list should prefer ECDH-based ciphers