From 44d65de53a2227ea24e84b6a4ff2e43cb06391a6 Mon Sep 17 00:00:00 2001
From: Ben Darnell
Date: Sat, 10 Aug 2019 22:00:41 -0400
Subject: [PATCH] test: Disable TLS 1.3 in one test

This test started failing on windows CI with an upgrade to python 3.7.4 (which bundles a newer version of openssl). Disable tls 1.3 for now. Possibly related to #2536
---
 tornado/test/iostream_test.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/tornado/test/iostream_test.py b/tornado/test/iostream_test.py
index 5d150f9660..f3cd9a6de9 100644
--- a/tornado/test/iostream_test.py
+++ b/tornado/test/iostream_test.py
@@ -1037,9 +1037,16 @@ def connect_to_server(self, server_cls):
 server = server_cls(ssl_options=_server_ssl_options())
 server.add_socket(sock)
 
- client = SSLIOStream(
- socket.socket(), ssl_options=dict(cert_reqs=ssl.CERT_NONE)
- )
+ ssl_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ ssl_ctx.check_hostname = False
+ ssl_ctx.verify_mode = ssl.CERT_NONE
+ # These tests fail with ConnectionAbortedErrors with TLS
+ # 1.3 on windows python 3.7.4 (which includes an upgrade
+ # to openssl 1.1.c. Other platforms might be affected with
+ # newer openssl too). Disable it until we figure out
+ # what's up.
+ ssl_ctx.options |= getattr(ssl, "OP_NO_TLSv1_3", 0)
+ client = SSLIOStream(socket.socket(), ssl_options=ssl_ctx)
 yield client.connect(("127.0.0.1", port))
 self.assertIsNotNone(client.socket.cipher())
 finally:
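Review bot: The added `ssl_ctx.options |= getattr(ssl, "OP_NO_TLSv1_3", 0)` turns TLS 1.3 off for this client on every platform, although the comment above it reports the failure only on Windows with Python 3.7.4, so this test no longer exercises a TLS 1.3 handshake through SSLIOStream anywhere and nothing in the code says when to re-enable it. The commit message mentions #2536 but the in-code comment does not; I would end the comment with `# TODO: re-enable TLS 1.3 once the ConnectionAbortedError is understood (possibly related to #2536).` The same comment has an unbalanced parenthesis, and "openssl 1.1.c" presumably means 1.1.1c. `check_hostname = False` with `verify_mode = ssl.CERT_NONE` matches the old `cert_reqs=ssl.CERT_NONE` and is acceptable for a loopback test, but a one-line `# test-only: certificate verification disabled on purpose` would keep the context setup from being copied into non-test code. connect_to_server starts and ends outside the hunk, so the surrounding try block is not visible here.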