From 438c1fbc7dddcbddd234db3806a4d6b5770d9904 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 15 Dec 2014 12:32:36 +0100 Subject: [PATCH] TCPClient: Use TLS1.1+ where available, BaseHandler: disable SSLv2 --- netlib/tcp.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/netlib/tcp.py b/netlib/tcp.py index 1c3bf2308..7010eef0c 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -16,6 +16,8 @@ SSLv2_METHOD = SSL.SSLv2_METHOD SSLv3_METHOD = SSL.SSLv3_METHOD SSLv23_METHOD = SSL.SSLv23_METHOD TLSv1_METHOD = SSL.TLSv1_METHOD +OP_NO_SSLv2 = SSL.OP_NO_SSLv2 +OP_NO_SSLv3 = SSL.OP_NO_SSLv3 class NetLibError(Exception): pass @@ -288,7 +290,7 @@ class TCPClient(_Connection): self.ssl_established = False self.sni = None - def convert_to_ssl(self, cert=None, sni=None, method=TLSv1_METHOD, options=None, cipher_list=None): + def convert_to_ssl(self, cert=None, sni=None, method=SSLv23_METHOD, options=(OP_NO_SSLv2 | OP_NO_SSLv3), cipher_list=None): """ cert: Path to a file containing both client cert and private key. @@ -362,7 +364,7 @@ class BaseHandler(_Connection): self.ssl_established = False self.clientcert = None - def _create_ssl_context(self, cert, key, method=SSLv23_METHOD, options=None, + def _create_ssl_context(self, cert, key, method=SSLv23_METHOD, options=OP_NO_SSLv2, handle_sni=None, request_client_cert=None, cipher_list=None, dhparams=None, chain_file=None): """
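Review bot: In `convert_to_ssl` the protocol floor now lives only in the default value of `options`, so a caller that passes `options` explicitly gets `SSLv23_METHOD` negotiation without `OP_NO_SSLv2`/`OP_NO_SSLv3`. This includes code that still forwards `options=None`, the old default, which previously got TLSv1 only. The body is outside this hunk, so how `options` is applied is inferred from the signature. Consider treating `None` as "use the safe default" in the body, e.g. `if options is None: options = OP_NO_SSLv2 | OP_NO_SSLv3`, and stating in the docstring that a supplied value replaces the default rather than adding to it. The same concern applies to `options=OP_NO_SSLv2` in `BaseHandler._create_ssl_context`.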
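Review bot: The server-side default in `_create_ssl_context` (`options=OP_NO_SSLv2`) still lets a peer negotiate SSLv3 through `SSLv23_METHOD`, while the client side in this same commit excludes it. If SSLv3 is kept deliberately for legacy clients, the docstring should say so, for example `options: defaults to OP_NO_SSLv2; SSLv3 stays enabled for legacy clients, pass OP_NO_SSLv2 | OP_NO_SSLv3 to refuse it`. Otherwise the default should match the client side. The function body lies outside the hunk, so whether SSLv3 is restricted elsewhere cannot be seen here.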