Default fetch_url to use TLSv1 instead of SSLv2/3

lib/ansible/module_utils/urls.py

@@ -50,6 +50,7 @@ try:
 except:
     HAS_SSL=False
 
+import httplib
 import os
 import re
 import socket
@@ -79,6 +80,23 @@ zKPZsZ2miVGclicJHzm5q080b1p/sZtuKIEZk6vZqEg=
 -----END CERTIFICATE-----
 """
 
+class CustomHTTPSConnection(httplib.HTTPSConnection):
+    def connect(self):
+        "Connect to a host on a given (SSL) port."
+
+        sock = socket.create_connection((self.host, self.port), self.timeout, self.source_address)
+        if self._tunnel_host:
+            self.sock = sock
+            self._tunnel()
+        self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)
+
+class CustomHTTPSHandler(urllib2.HTTPSHandler):
+
+    def https_open(self, req):
+        return self.do_open(CustomHTTPSConnection, req)
+
+    https_request = urllib2.AbstractHTTPHandler.do_request_
+
 def generic_urlparse(parts):
     '''
     Returns a dictionary of url parts as parsed by urlparse,
@@ -373,6 +391,8 @@ def fetch_url(module, url, data=None, headers=None, method=None,
         proxyhandler = urllib2.ProxyHandler({})
         handlers.append(proxyhandler)
 
+    handlers.append(CustomHTTPSHandler)
+
     opener = urllib2.build_opener(*handlers)
     urllib2.install_opener(opener)