botocore-2922.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

From 59489584f929b2893a5909c9009d3bdd556552a9 Mon Sep 17 00:00:00 2001
From: Nate Prewitt <nate.prewitt@gmail.com>
Date: Mon, 20 Feb 2023 11:17:51 -0700
Subject: [PATCH] Defer to system defaults for cipher suites with urllib3 2.0+

---
 botocore/httpsession.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/botocore/httpsession.py b/botocore/httpsession.py
index 97a03644d6..48e2e5d269 100644
--- a/botocore/httpsession.py
+++ b/botocore/httpsession.py
@@ -20,7 +20,6 @@
 from urllib3.exceptions import SSLError as URLLib3SSLError
 from urllib3.util.retry import Retry
 from urllib3.util.ssl_ import (
-    DEFAULT_CIPHERS,
     OP_NO_COMPRESSION,
     PROTOCOL_TLS,
     OP_NO_SSLv2,
@@ -49,6 +48,14 @@
 except ImportError:
     from urllib3.util.ssl_ import SSLContext
 
+try:
+    from urllib3.util.ssl_ import DEFAULT_CIPHERS
+except ImportError:
+    # Defer to system configuration starting with
+    # urllib3 2.0. This will choose the ciphers provided by
+    # Openssl 1.1.1+ or secure system defaults.
+    DEFAULT_CIPHERS = None
+
 import botocore.awsrequest
 from botocore.compat import (
     IPV6_ADDRZ_RE,