Skip to content

Commit

Permalink
[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (pythonGH…
Browse files Browse the repository at this point in the history
…-5789) (python#5792)

It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway..
(cherry picked from commit e9edee0)
  • Loading branch information
benjaminp authored Feb 21, 2018
1 parent 5dc275a commit 6c7edba
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Doc/library/ssl.rst
Original file line number Diff line number Diff line change
Expand Up @@ -1330,7 +1330,7 @@ to speed up repeated connections from the same clients.

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_default_certs()
Expand Down Expand Up @@ -1536,7 +1536,7 @@ If you prefer to tune security settings yourself, you might create
a context from scratch (but beware that you might not get the settings
right)::

>>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)
>>> context.verify_mode = ssl.CERT_REQUIRED
>>> context.check_hostname = True
>>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")
Expand Down

0 comments on commit 6c7edba

Please sign in to comment.