test: Disable TLS 1.3 in one test

This test started failing on windows CI with an upgrade to python 3.7.4 (which bundles a newer version of openssl). Disable tls 1.3 for now. Possibly related to tornadoweb#2536
bdarnell · Mar 3, 2020 · 44d65de · 44d65de
1 parent 4c2160c
commit 44d65de
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/tornado/test/iostream_test.py b/tornado/test/iostream_test.py
@@ -1037,9 +1037,16 @@ def connect_to_server(self, server_cls):
             server = server_cls(ssl_options=_server_ssl_options())
             server.add_socket(sock)
 
-            client = SSLIOStream(
-                socket.socket(), ssl_options=dict(cert_reqs=ssl.CERT_NONE)
-            )
+            ssl_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+            ssl_ctx.check_hostname = False
+            ssl_ctx.verify_mode = ssl.CERT_NONE
+            # These tests fail with ConnectionAbortedErrors with TLS
+            # 1.3 on windows python 3.7.4 (which includes an upgrade
+            # to openssl 1.1.c. Other platforms might be affected with
+            # newer openssl too). Disable it until we figure out
+            # what's up.
+            ssl_ctx.options |= getattr(ssl, "OP_NO_TLSv1_3", 0)
+            client = SSLIOStream(socket.socket(), ssl_options=ssl_ctx)
             yield client.connect(("127.0.0.1", port))
             self.assertIsNotNone(client.socket.cipher())
         finally: