From b01fe34e5633768052e70d88e7e8db84368f93e3 Mon Sep 17 00:00:00 2001
From: benoitc <bchesneau@gmail.com>
Date: Fri, 22 Nov 2019 15:34:07 +0100
Subject: [PATCH] use hight protocol version of openssl by default

---
 gunicorn/config.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gunicorn/config.py b/gunicorn/config.py
index d165f256..086725bd 100644
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@@ -1895,6 +1895,20 @@ class SSLVersion(Setting):
     section = "SSL"
     cli = ["--ssl-version"]
     validator = validate_ssl_version
+
+    if hasattr(ssl, "PROTOCOL_TLS"):
+        default = ssl.PROTOCOL_TLS
+    else:
+        default = ssl.PROTOCOL_SSLv23
+
+    desc = """\
+    SSL version to use (see stdlib ssl module's)
+
+    .. versionchanged:: 20.0.1
+       The default value has been changed from ``ssl.PROTOCOL_SSLv23`` to
+       ``ssl.PROTOCOL_TLS`` when Python >= 3.6 .
+
+    """
     default = ssl.PROTOCOL_SSLv23
     desc = """\
     SSL version to use.