bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395) · python/cpython@8ae264c (original) (raw)

Original file line number Diff line number Diff line change
@@ -2728,12 +2728,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
2728 2728 #endif
2729 2729
2730 2730
2731 -#ifndef OPENSSL_NO_ECDH
2731 +#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1)
2732 2732 /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
2733 2733 prime256v1 by default. This is Apache mod_ssl's initialization
2734 2734 policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
2735 2735 */
2736 -#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
2736 +#if defined(SSL_CTX_set_ecdh_auto)
2737 2737 SSL_CTX_set_ecdh_auto(self->ctx, 1);
2738 2738 #else
2739 2739 {