summaryrefslogtreecommitdiff
path: root/dev-lang/python/files/ssl.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-lang/python/files/ssl.patch')
-rw-r--r--dev-lang/python/files/ssl.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/dev-lang/python/files/ssl.patch b/dev-lang/python/files/ssl.patch
new file mode 100644
index 000000000000..485cd6f74dd2
--- /dev/null
+++ b/dev-lang/python/files/ssl.patch
@@ -0,0 +1,27 @@
+Neuter security level things until LibreSSL supports them.
+
+Index: Modules/_ssl.c
+--- Modules/_ssl.c.orig
++++ Modules/_ssl.c
+@@ -169,7 +169,7 @@ extern const SSL_METHOD *TLSv1_2_method(void);
+ * Based on Hynek's excellent blog post (update 2021-02-11)
+ * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ */
+- #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
++ #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
+ #ifndef PY_SSL_MIN_PROTOCOL
+ #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
+ #endif
+@@ -3567,6 +3567,12 @@ set_num_tickets(PySSLContext *self, PyObject *arg, voi
+ PyDoc_STRVAR(PySSLContext_num_tickets_doc,
+ "Control the number of TLSv1.3 session tickets");
+ #endif /* TLS1_3_VERSION */
++
++int
++SSL_CTX_get_security_level(const SSL_CTX *ctx)
++{
++ return 1;
++}
+
+ static PyObject *
+ get_security_level(PySSLContext *self, void *c)
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-17 21:07:19 +0000