From 9c73259f71549f602396d5087d067ac1a89a716c Mon Sep 17 00:00:00 2001
From: Berker Peksag
Date: Mon, 6 Feb 2017 09:10:35 +0300
Subject: [PATCH] Make ssl.PROTOCOL_SSLv23 default for --ssl-version

Fixes #1249
---
 docs/source/news.rst | 2 ++
 docs/source/settings.rst | 4 ++++
 gunicorn/config.py | 6 +++++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docs/source/news.rst b/docs/source/news.rst
index d52c0473..e377b4b7 100644
--- a/docs/source/news.rst
+++ b/docs/source/news.rst
@@ -12,6 +12,8 @@ Core
 Use the :ref:`gunicorn-cmd` command-line interface instead.
 - The previously deprecated ``django_settings`` setting has been removed.
 Use the :ref:`raw-env` setting instead.
+- The default value of :ref:`ssl-version` has been changed from
+ ``ssl.PROTOCOL_TLSv1`` to ``ssl.PROTOCOL_SSLv23``.
 
 19.6.0 / 2016/05/21
 ===================
diff --git a/docs/source/settings.rst b/docs/source/settings.rst
index 4fc6f64c..f0b2c463 100644
--- a/docs/source/settings.rst
+++ b/docs/source/settings.rst
@@ -1142,6 +1142,10 @@ ssl_version
 
 SSL version to use (see stdlib ssl module's)
 
+.. versionchanged:: 19.7
+ The default value has been changed from ``ssl.PROTOCOL_TLSv1`` to
+ ``ssl.PROTOCOL_SSLv23``.
+
 .. _cert-reqs:
 
 cert_reqs
diff --git a/gunicorn/config.py b/gunicorn/config.py
index 6dc182c3..6c24aaa1 100644
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@@ -1755,9 +1755,13 @@ class SSLVersion(Setting):
 section = "SSL"
 cli = ["--ssl-version"]
 validator = validate_pos_int
- default = ssl.PROTOCOL_TLSv1
+ default = ssl.PROTOCOL_SSLv23
 desc = """\
 SSL version to use (see stdlib ssl module's)
+
+ .. versionchanged:: 19.7
+ The default value has been changed from ``ssl.PROTOCOL_TLSv1`` to
+ ``ssl.PROTOCOL_SSLv23``.
 """
 
 class CertReqs(Setting):
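Review bot: In the `gunicorn/config.py` hunk, the new `default = ssl.PROTOCOL_SSLv23` changes which protocol versions the listener will negotiate, but the added `desc` text only records the rename and does not tell operators what that means. Unlike `ssl.PROTOCOL_TLSv1`, this constant lets the handshake settle on any version both peers support, so on interpreters whose `ssl` module does not disable SSLv3 by default the server may accept SSLv3 where it previously would not. Whether the socket setup elsewhere sets `ssl.OP_NO_SSLv2` or `ssl.OP_NO_SSLv3` is not visible in this hunk. I would add a sentence to `desc` along the lines of `PROTOCOL_SSLv23 negotiates the highest version both peers support; set a specific ssl.PROTOCOL_* value to restrict it.` and confirm that the wrap site sets those options. The `SSLVersion` class starts above the hunk, so its `name` line is not shown.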