@@ -1213,6 +1213,8 @@ def get_server_settings(cls):
12131213 'ssl_cert_file' : SSL_CERT_FILE ,
12141214 'ssl_key_file' : SSL_KEY_FILE ,
12151215 'ssl_ca_file' : CLIENT_CA_CERT_FILE ,
1216+ 'ssl_min_protocol_version' : 'TLSv1.2' ,
1217+ 'ssl_max_protocol_version' : 'TLSv1.2' ,
12161218 })
12171219
12181220 return conf
@@ -1408,6 +1410,42 @@ async def test_executemany_uvloop_ssl_issue_700(self):
14081410 finally :
14091411 await con .close ()
14101412
1413+ async def test_tls_version (self ):
1414+ # XXX: uvloop artifact
1415+ old_handler = self .loop .get_exception_handler ()
1416+ try :
1417+ self .loop .set_exception_handler (lambda * args : None )
1418+ with self .assertRaisesRegex (ssl .SSLError , 'protocol version' ):
1419+ await self .connect (
1420+ dsn = 'postgresql://ssl_user@localhost/postgres'
1421+ '?sslmode=require&ssl_min_protocol_version=TLSv1.3'
1422+ )
1423+ with self .assertRaisesRegex (ssl .SSLError , 'protocol version' ):
1424+ await self .connect (
1425+ dsn = 'postgresql://ssl_user@localhost/postgres'
1426+ '?sslmode=require'
1427+ '&ssl_min_protocol_version=TLSv1.1'
1428+ '&ssl_max_protocol_version=TLSv1.1'
1429+ )
1430+ with self .assertRaisesRegex (ssl .SSLError , 'no protocols' ):
1431+ await self .connect (
1432+ dsn = 'postgresql://ssl_user@localhost/postgres'
1433+ '?sslmode=require'
1434+ '&ssl_min_protocol_version=TLSv1.2'
1435+ '&ssl_max_protocol_version=TLSv1.1'
1436+ )
1437+ con = await self .connect (
1438+ dsn = 'postgresql://ssl_user@localhost/postgres?sslmode=require'
1439+ '&ssl_min_protocol_version=TLSv1.2'
1440+ '&ssl_max_protocol_version=TLSv1.2'
1441+ )
1442+ try :
1443+ self .assertEqual (await con .fetchval ('SELECT 42' ), 42 )
1444+ finally :
1445+ await con .close ()
1446+ finally :
1447+ self .loop .set_exception_handler (old_handler )
1448+
14111449
14121450@unittest .skipIf (os .environ .get ('PGHOST' ), 'unmanaged cluster' )
14131451class TestClientSSLConnection (BaseTestSSLConnection ):
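Review bot: The negative cases in `test_tls_version` match on OpenSSL's error text ('protocol version', 'no protocols'), which differs between OpenSSL builds, so the test can fail for reasons unrelated to the version-negotiation logic it is meant to pin. A looser pattern such as `'(protocol version)|(handshake failure)'`, or a plain `assertRaises(ssl.SSLError)` for the two mismatch cases, would be less brittle. The `lambda *args: None` handler discards every loop-level error while the test runs, so the `# XXX: uvloop artifact` comment should say what is expected there, e.g. `# uvloop also reports the failed handshake to the loop exception handler (TODO confirm); silence it for the negative cases`. In the first hunk the two `ssl_*_protocol_version` server settings are, as far as I know, only accepted by PostgreSQL 12 and later; `get_server_settings` starts outside the hunk, so a version guard may already exist, but none is visible here.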