@@ -51,22 +51,15 @@ def __init__(self, client_cert=None, ca_cert=None, verify=None,
5151 # majority of users with reasonably up-to-date software. However,
5252 # before doing so, detect openssl version to ensure we can support
5353 # it.
54-
55- # ssl.OPENSSL_VERSION_INFO returns a tuple of 5 integers
56- # representing version info. We want any OpenSSL version greater
57- # than 1.0.1. Python compares tuples lexigraphically, which means
58- # this comparison will work.
59- if ssl .OPENSSL_VERSION_INFO > (1 , 0 , 1 , 0 , 0 ):
60- # If this version is high enough to support TLSv1_2, then we
61- # should use it.
62- self .ssl_version = ssl .PROTOCOL_TLSv1_2
54+ if ssl .OPENSSL_VERSION_INFO [:3 ] >= (1 , 0 , 1 ) and hasattr (
55+ ssl , 'PROTOCOL_TLSv1_2' ):
56+ # If the OpenSSL version is high enough to support TLSv1_2,
57+ # then we should use it.
58+ self .ssl_version = getattr (ssl , 'PROTOCOL_TLSv1_2' )
6359 else :
64- # If we can't, use a differnent default. Before the commit
65- # introducing this version detection, the comment read:
66- # >>> TLS v1.0 seems to be the safest default; SSLv23 fails in
67- # >>> mysterious ways:
68- # >>> https://github.com/docker/docker-py/issues/963
69- # Which is why we choose PROTOCOL_TLSv1
60+ # Otherwise, TLS v1.0 seems to be the safest default;
61+ # SSLv23 fails in mysterious ways:
62+ # https://github.com/docker/docker-py/issues/963
7063 self .ssl_version = ssl .PROTOCOL_TLSv1
7164
7265 # "tls" and "tls_verify" must have both or neither cert/key files In
0 commit comments