Support to change the options in the SSL context, for the test environment to simulate the server with different tls version protocols.

docs/deployment.md

@@ -117,6 +117,8 @@ Options:
   --ssl-keyfile-password TEXT     SSL keyfile password
   --ssl-version INTEGER           SSL version to use (see stdlib ssl module's)
                                   [default: 17]
+  --ssl-options INTEGER           Options of SSL context to use (see stdlib
+                                  ssl module's)  [default: 0]
   --ssl-cert-reqs INTEGER         Whether client certificate is required (see
                                   stdlib ssl module's)  [default: 0]
   --ssl-ca-certs TEXT             CA certificates file

docs/index.md

@@ -187,6 +187,8 @@ Options:
   --ssl-keyfile-password TEXT     SSL keyfile password
   --ssl-version INTEGER           SSL version to use (see stdlib ssl module's)
                                   [default: 17]
+  --ssl-options INTEGER           Options of SSL context to use (see stdlib
+                                  ssl module's)  [default: 0]
   --ssl-cert-reqs INTEGER         Whether client certificate is required (see
                                   stdlib ssl module's)  [default: 0]
   --ssl-ca-certs TEXT             CA certificates file

docs/settings.md

@@ -105,6 +105,7 @@ The [SSL context](https://docs.python.org/3/library/ssl.html#ssl.SSLContext) can
 * `--ssl-keyfile-password <str>` - The password to decrypt the ssl key.
 * `--ssl-certfile <path>` - The SSL certificate file.
 * `--ssl-version <int>` - The SSL version to use.
+* `--ssl-options <int>` - The options of the SSL context to use.
 * `--ssl-cert-reqs <int>` - Whether client certificate is required.
 * `--ssl-ca-certs <str>` - The CA certificates file.
 * `--ssl-ciphers <str>` - The ciphers to use.

uvicorn/config.py

@@ -112,11 +112,13 @@ def create_ssl_context(
     keyfile: Optional[Union[str, os.PathLike]],
     password: Optional[str],
     ssl_version: int,
+    ssl_options: int,
     cert_reqs: int,
     ca_certs: Optional[Union[str, os.PathLike]],
     ciphers: Optional[str],
 ) -> ssl.SSLContext:
     ctx = ssl.SSLContext(ssl_version)
+    ctx.options = ssl.Options(ssl_options)
     get_password = (lambda: password) if password else None
     ctx.load_cert_chain(certfile, keyfile, get_password)
     ctx.verify_mode = ssl.VerifyMode(cert_reqs)
@@ -229,6 +231,7 @@ def __init__(
         ssl_certfile: "str | os.PathLike[str] | None" = None,
         ssl_keyfile_password: Optional[str] = None,
         ssl_version: int = SSL_PROTOCOL_VERSION,
+        ssl_options: int = 0,
         ssl_cert_reqs: int = ssl.CERT_NONE,
         ssl_ca_certs: Optional[str] = None,
         ssl_ciphers: str = "TLSv1",
@@ -273,6 +276,7 @@ def __init__(
         self.ssl_certfile = ssl_certfile
         self.ssl_keyfile_password = ssl_keyfile_password
         self.ssl_version = ssl_version
+        self.ssl_options = ssl_options
         self.ssl_cert_reqs = ssl_cert_reqs
         self.ssl_ca_certs = ssl_ca_certs
         self.ssl_ciphers = ssl_ciphers
@@ -432,6 +436,7 @@ def load(self) -> None:
                 certfile=self.ssl_certfile,
                 password=self.ssl_keyfile_password,
                 ssl_version=self.ssl_version,
+                ssl_options=self.ssl_options,
                 cert_reqs=self.ssl_cert_reqs,
                 ca_certs=self.ssl_ca_certs,
                 ciphers=self.ssl_ciphers,

uvicorn/main.py

@@ -308,6 +308,13 @@ def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> No
     help="SSL version to use (see stdlib ssl module's)",
     show_default=True,
 )
+@click.option(
+    "--ssl-options",
+    type=int,
+    default=int(0),
+    help="Options of SSL context to use (see stdlib ssl module's)",
+    show_default=True,
+)
 @click.option(
     "--ssl-cert-reqs",
     type=int,
@@ -404,6 +411,7 @@ def main(
     ssl_certfile: str,
     ssl_keyfile_password: str,
     ssl_version: int,
+    ssl_options: int,
     ssl_cert_reqs: int,
     ssl_ca_certs: str,
     ssl_ciphers: str,
@@ -453,6 +461,7 @@ def main(
         ssl_certfile=ssl_certfile,
         ssl_keyfile_password=ssl_keyfile_password,
         ssl_version=ssl_version,
+        ssl_options=ssl_options,
         ssl_cert_reqs=ssl_cert_reqs,
         ssl_ca_certs=ssl_ca_certs,
         ssl_ciphers=ssl_ciphers,
@@ -507,6 +516,7 @@ def run(
     ssl_certfile: "str | os.PathLike[str] | None" = None,
     ssl_keyfile_password: typing.Optional[str] = None,
     ssl_version: int = SSL_PROTOCOL_VERSION,
+    ssl_options: int = 0,
     ssl_cert_reqs: int = ssl.CERT_NONE,
     ssl_ca_certs: typing.Optional[str] = None,
     ssl_ciphers: str = "TLSv1",
@@ -559,6 +569,7 @@ def run(
         ssl_certfile=ssl_certfile,
         ssl_keyfile_password=ssl_keyfile_password,
         ssl_version=ssl_version,
+        ssl_options=ssl_options,
         ssl_cert_reqs=ssl_cert_reqs,
         ssl_ca_certs=ssl_ca_certs,
         ssl_ciphers=ssl_ciphers,

uvicorn/workers.py

@@ -48,6 +48,7 @@ def __init__(self, *args: Any, **kwargs: Any) -> None:
                 "ssl_certfile": self.cfg.ssl_options.get("certfile"),
                 "ssl_keyfile_password": self.cfg.ssl_options.get("password"),
                 "ssl_version": self.cfg.ssl_options.get("ssl_version"),
+                "ssl_options": self.cfg.ssl_optinos.get("ssl_options"),
                 "ssl_cert_reqs": self.cfg.ssl_options.get("cert_reqs"),
                 "ssl_ca_certs": self.cfg.ssl_options.get("ca_certs"),
                 "ssl_ciphers": self.cfg.ssl_options.get("ciphers"),