From e422658ad5e4a011f6a4cf16a6828b367e9ae69c Mon Sep 17 00:00:00 2001
From: Mark Bishop <mbishop@duosecurity.com>
Date: Fri, 2 Oct 2020 13:16:43 -0400
Subject: Disallow SSLv2 and SSLv3

---
 https_wrapper.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/https_wrapper.py b/https_wrapper.py
index 97c8f3c..2679aba 100644
--- a/https_wrapper.py
+++ b/https_wrapper.py
@@ -120,7 +120,7 @@ class CertValidatingHTTPSConnection(http_client.HTTPConnection):
     if self.cert_file:
         context.load_cert_chain(self.cert_file, keyfile=self.key_file)
 
-    context.options = self.cert_reqs
+    context.options = self.cert_reqs | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
     self.sock = context.wrap_socket(self.sock, server_hostname=self.host)
 
     if self.cert_reqs & ssl.CERT_REQUIRED:
-- 
cgit v1.2.3