minimum version

youknowone · youknowone · commit 1726311702a6 · 2025-10-27T20:06:00.000+09:00
maximum version

munmark tests
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -3263,7 +3263,6 @@ def test_check_hostname_idn(self, warnings_filters=True):
                 server_hostname=b'k\xf6nig.idn.pythontest.net',
             )
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_wrong_cert_tls12(self):
         """Connecting when the server rejects the client's certificate
 
@@ -4042,7 +4041,6 @@ def test_min_max_version_sslv3(self):
                 s.connect((HOST, server.port))
                 self.assertEqual(s.version(), 'SSLv3')
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_default_ecdh_curve(self):
         # Issue #21015: elliptic curve-based Diffie Hellman key exchange
         # should be enabled by default on SSL contexts.
diff --git a/stdlib/src/ssl.rs b/stdlib/src/ssl.rs
@@ -802,6 +802,47 @@ mod _ssl {
             self.check_hostname.store(ch);
         }
 
+        // PY_PROTO_MINIMUM_SUPPORTED = -2, PY_PROTO_MAXIMUM_SUPPORTED = -1
+        #[pygetset]
+        fn minimum_version(&self) -> i32 {
+            let ctx = self.ctx();
+            let version = unsafe { sys::SSL_CTX_get_min_proto_version(ctx.as_ptr()) };
+            if version == 0 {
+                -2 // PY_PROTO_MINIMUM_SUPPORTED
+            } else {
+                version
+            }
+        }
+        #[pygetset(setter)]
+        fn set_minimum_version(&self, value: i32, vm: &VirtualMachine) -> PyResult<()> {
+            let ctx = self.builder();
+            let result = unsafe { sys::SSL_CTX_set_min_proto_version(ctx.as_ptr(), value) };
+            if result == 0 {
+                return Err(vm.new_value_error("invalid protocol version"));
+            }
+            Ok(())
+        }
+
+        #[pygetset]
+        fn maximum_version(&self) -> i32 {
+            let ctx = self.ctx();
+            let version = unsafe { sys::SSL_CTX_get_max_proto_version(ctx.as_ptr()) };
+            if version == 0 {
+                -1 // PY_PROTO_MAXIMUM_SUPPORTED
+            } else {
+                version
+            }
+        }
+        #[pygetset(setter)]
+        fn set_maximum_version(&self, value: i32, vm: &VirtualMachine) -> PyResult<()> {
+            let ctx = self.builder();
+            let result = unsafe { sys::SSL_CTX_set_max_proto_version(ctx.as_ptr(), value) };
+            if result == 0 {
+                return Err(vm.new_value_error("invalid protocol version"));
+            }
+            Ok(())
+        }
+
         #[pymethod]
         fn set_default_verify_paths(&self, vm: &VirtualMachine) -> PyResult<()> {
             cfg_if::cfg_if! {
