Add OP_NO_SSLv2 to default SSLContext options.

author: Guido van Rossum <guido@python.org> 2013-10-16 08:35:41 -0700
committer: Guido van Rossum <guido@python.org> 2013-10-16 08:35:41 -0700
commit: 32d68ad7bcac289075b6fb9dce098236ed283eb0 (patch)
tree: b148511e5e0a22ec656bcbf54aaa729e73b084c3
parent: 5da72a85634fa05fd285c8b9d172552c207f4bcf (diff)
download: trollius-32d68ad7bcac289075b6fb9dce098236ed283eb0.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/tulip/selector_events.py b/tulip/selector_events.py
index 40d7068..548c504 100644
--- a/tulip/selector_events.py
+++ b/tulip/selector_events.py
@@ -517,7 +517,10 @@ class _SelectorSslTransport(_SelectorTransport):
                 sslcontext, ssl.SSLContext), 'Must pass an SSLContext'
         else:
             # Client-side may pass ssl=True to use a default context.
-            sslcontext = sslcontext or ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+            # The default is the same as used by urllib.
+            if sslcontext is None:
+                sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+                sslcontext.options |= ssl.OP_NO_SSLv2
         wrap_kwargs = {
             'server_side': server_side,
             'do_handshake_on_connect': False,
author	Guido van Rossum <guido@python.org>	2013-10-16 08:35:41 -0700
committer	Guido van Rossum <guido@python.org>	2013-10-16 08:35:41 -0700
commit	32d68ad7bcac289075b6fb9dce098236ed283eb0 (patch)
tree	b148511e5e0a22ec656bcbf54aaa729e73b084c3
parent	5da72a85634fa05fd285c8b9d172552c207f4bcf (diff)
download	trollius-32d68ad7bcac289075b6fb9dce098236ed283eb0.tar.gz