From 21643cd95ed344a0d8f55ff30b60f74afb302f29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Odd=20Str=C3=A5b=C3=B8?= <oddstr13@openshell.no>
Date: Thu, 16 Apr 2020 03:37:34 +0200
Subject: [PATCH] Disable TLSv1.0 and TLSv1.1 in websocket lib

These protocols are disabled by default in modern browsers
as of March/April 2020.
---
 jellyfin_kodi/jellyfin/websocket.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jellyfin_kodi/jellyfin/websocket.py b/jellyfin_kodi/jellyfin/websocket.py
index fdb8ce00..87544e61 100644
--- a/jellyfin_kodi/jellyfin/websocket.py
+++ b/jellyfin_kodi/jellyfin/websocket.py
@@ -139,6 +139,8 @@ def _wrap_sni_socket(sock, sslopt, hostname):
     context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
     context.options |= ssl.OP_NO_SSLv2  # Explicitly disable SSLv2
     context.options |= ssl.OP_NO_SSLv3  # Explicitly disable SSLv3
+    context.options |= ssl.OP_NO_TLSv1  # Explicitly disable TLSv1.0
+    context.options |= ssl.OP_NO_TLSv1_1  # Explicitly disable TLSv1.1
 
     if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
         capath = ssl.get_default_verify_paths().capath