1 Description: Always enforce TLSv1
2 Upstream allows SSLv23, but we don't want this, we want TLSv1 always, as
3 we shouldn't trust lower types of crypto.
4 Author: Thomas Goirand <zigo@debian.org>
6 Last-Update: 2015-05-21
8 --- python-eventlet-0.17.3.orig/eventlet/convenience.py
9 +++ python-eventlet-0.17.3/eventlet/convenience.py
10 @@ -139,7 +139,7 @@ except ImportError:
11 do_handshake_on_connect=True,
12 suppress_ragged_eofs=True, ciphers=None):
13 # theoretically the ssl_version could be respected in this line
14 - context = SSL.Context(SSL.SSLv23_METHOD)
15 + context = SSL.Context(SSL.TLSv1_METHOD)
16 if certfile is not None:
17 context.use_certificate_file(certfile)
18 if keyfile is not None: