[3.7] bpo-31453: Add setter for min/max protocol version (GH-5259) by miss-islington · Pull Request #5926 · python/cpython (original) (raw)

OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.

Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.

Signed-off-by: Christian Heimes christian@python.org
(cherry picked from commit 698dde1)

Co-authored-by: Christian Heimes christian@python.org

https://bugs.python.org/issue31453