Fixup from test_ssl test_default_ecdh_curve (GH-11877)

Partial backport from cb5b68abCo-authored-by: Christian Heimes <christian@python.org>

Fixup from test_ssl test_default_ecdh_curve (GH-11877)
Partial backport from cb5b68abCo-authored-by: Christian Heimes <christian@python.org>
28eb87f4 · stratakis · Victor Stinner · b8eaec69 · 28eb87f4
Commit 28eb87f4 authored Feb 15, 2019 by stratakis Committed by Victor Stinner Feb 15, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

Lib/test/test_ssl.py Lib/test/test_ssl.py +3 -0

No files found.
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2860,6 +2860,9 @@ else:
            # should be enabled by default on SSL contexts.
            context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            context.load_cert_chain(CERTFILE)
+            # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
+            # cipher name.
+            context.options |= ssl.OP_NO_TLSv1_3
            # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
            # explicitly using the 'ECCdraft' cipher alias.  Otherwise,
            # our default cipher list should prefer ECDH-based ciphers