From e073ff3c736f70fbf0ae9767db9b223becee0b4e Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Wed, 26 Nov 2014 21:06:25 +0100
Subject: force tls v1 in soledad client. Partially fixes #6437

---
 client/changes/bug_6437_use_tls            | 1 +
 client/src/leap/soledad/client/__init__.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 client/changes/bug_6437_use_tls

diff --git a/client/changes/bug_6437_use_tls b/client/changes/bug_6437_use_tls
new file mode 100644
index 00000000..7138d962
--- /dev/null
+++ b/client/changes/bug_6437_use_tls
@@ -0,0 +1 @@
+  o Use TLS v1 in soledad client. Fixes partially #6437
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py
index 586e3389..4703133c 100644
--- a/client/src/leap/soledad/client/__init__.py
+++ b/client/src/leap/soledad/client/__init__.py
@@ -1335,7 +1335,8 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
 
         self.sock = ssl.wrap_socket(sock,
                                     ca_certs=SOLEDAD_CERT,
-                                    cert_reqs=ssl.CERT_REQUIRED)
+                                    cert_reqs=ssl.CERT_REQUIRED,
+                                    ssl_version=ssl.PROTOCOL_TLSv1)
         match_hostname(self.sock.getpeercert(), self.host)
 
 
-- 
cgit v1.2.3