use context.minimum_version in py3.7+ where available (#1714)

2021-06-28 13:12:30 +01:00 · 2021-06-28 13:12:30 +01:00 · 1737fc6229
commit 1737fc6229
parent 3d192aed45
1 changed files with 11 additions and 3 deletions
--- a/httpx/_compat.py
+++ b/httpx/_compat.py
@ -14,11 +14,19 @@ except ImportError:


 def set_minimum_tls_version_1_2(context: ssl.SSLContext) -> None:
-    if sys.version_info >= (3, 10):
+    if sys.version_info >= (3, 10) or (
+        sys.version_info >= (3, 7) and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0, 7)
+    ):
+        # The OP_NO_SSL* and OP_NO_TLS* become deprecated in favor of
+        # 'SSLContext.minimum_version' from Python 3.7 onwards, however
+        # this attribute is not available unless the ssl module is compiled
+        # with OpenSSL 1.1.0g or newer.
+        # https://docs.python.org/3.10/library/ssl.html#ssl.SSLContext.minimum_version
+        # https://docs.python.org/3.7/library/ssl.html#ssl.SSLContext.minimum_version
        context.minimum_version = ssl.TLSVersion.TLSv1_2
    else:
-        # These become deprecated in favor of 'context.minimum_version'
-        # from Python 3.10 onwards.
+        # If 'minimum_version' isn't available, we configure these options with
+        # the older deprecated variants.
        context.options |= ssl.OP_NO_SSLv2
        context.options |= ssl.OP_NO_SSLv3
        context.options |= ssl.OP_NO_TLSv1