1 This patch comes from in-house, and will not be passed upstream, since

     2 Python 2.6 has been abandoned in favor of later versions.

     3 

     4 --- Python-2.6.8/Modules/_ssl.c.~2~	2014-12-16 00:06:40.398956147 -0800

     5 +++ Python-2.6.8/Modules/_ssl.c	2015-01-08 12:43:53.326916627 -0800

     6 @@ -269,6 +269,7 @@

     7      char *errstr = NULL;

     8      int ret;

     9      int verification_mode;

    10 +    long options;

    11  

    12      self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */

    13      if (self == NULL)

    14 @@ -359,8 +360,12 @@

    15      }

    16  

    17      /* ssl compatibility */

    18 -    SSL_CTX_set_options(self->ctx,

    19 -                        SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);

    20 +    options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;

    21 +    if (proto_version != PY_SSL_VERSION_SSL2)

    22 +        options |= SSL_OP_NO_SSLv2;

    23 +    if (proto_version != PY_SSL_VERSION_SSL3)

    24 +        options |= SSL_OP_NO_SSLv3;

    25 +    SSL_CTX_set_options(self->ctx, options);

    26  

    27      verification_mode = SSL_VERIFY_NONE;

    28      if (certreq == PY_SSL_CERT_OPTIONAL)