bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395) · python/cpython@8ae264c (original) (raw)

Original file line number	Diff line number	Diff line change
@@ -2728,12 +2728,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
2728	2728	#endif
2729	2729
2730	2730
2731		-#ifndef OPENSSL_NO_ECDH
	2731	+#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1)
2732	2732	/* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
2733	2733	prime256v1 by default. This is Apache mod_ssl's initialization
2734	2734	policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
2735	2735	*/
2736		-#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
	2736	+#if defined(SSL_CTX_set_ecdh_auto)
2737	2737	SSL_CTX_set_ecdh_auto(self->ctx, 1);
2738	2738	#else
2739	2739	{