From 6a349b9c30b886baadbd56d07983129592d7f29c Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Tue, 16 Dec 2014 09:00:50 +0530
Subject: [PATCH] Use TLS 1.2 when available for https

---
 setup/linux-installer.py   | 5 ++++-
 src/calibre/utils/https.py | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/setup/linux-installer.py b/setup/linux-installer.py
index 2324b6a30f..7d1c79eda3 100644
--- a/setup/linux-installer.py
+++ b/setup/linux-installer.py
@@ -546,7 +546,10 @@ def get_https_resource_securely(url, timeout=60, max_redirects=5, ssl_version=No
     server's certificates.
     '''
     if ssl_version is None:
-        ssl_version = ssl.PROTOCOL_TLSv1
+        try:
+            ssl_version = ssl.PROTOCOL_TLSv1_2
+        except AttributeError:
+            ssl_version = ssl.PROTOCOL_TLSv1  # old python
     with tempfile.NamedTemporaryFile(prefix='calibre-ca-cert-') as f:
         f.write(CACERT)
         f.flush()
diff --git a/src/calibre/utils/https.py b/src/calibre/utils/https.py
index e37b556682..462440d1d6 100644
--- a/src/calibre/utils/https.py
+++ b/src/calibre/utils/https.py
@@ -162,7 +162,10 @@ def get_https_resource_securely(
     server's certificates.
     '''
     if ssl_version is None:
-        ssl_version = ssl.PROTOCOL_TLSv1
+        try:
+            ssl_version = ssl.PROTOCOL_TLSv1_2
+        except AttributeError:
+            ssl_version = ssl.PROTOCOL_TLSv1  # old python
     cacerts = P(cacerts, allow_user_override=False)
     p = urlparse(url)
     if p.scheme != 'https':