From 6c7edba1665ea676328c6b50f92e8423c8f0d164 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Tue, 20 Feb 2018 22:17:10 -0800 Subject: [PATCH] [2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792) It's bad form to pin to an old version of TLS. ssl.SSLContext has the right protocol default, so let's not pass anyway.. (cherry picked from commit e9edee0b65650c4f9db90cefc2e9a8125bad762c) --- Doc/library/ssl.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 5b55a82f5ecda1..0ac06fa166f60b 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -1330,7 +1330,7 @@ to speed up repeated connections from the same clients. import socket, ssl - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + context = ssl.SSLContext(ssl.PROTOCOL_TLS) context.verify_mode = ssl.CERT_REQUIRED context.check_hostname = True context.load_default_certs() @@ -1536,7 +1536,7 @@ If you prefer to tune security settings yourself, you might create a context from scratch (but beware that you might not get the settings right):: - >>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS) >>> context.verify_mode = ssl.CERT_REQUIRED >>> context.check_hostname = True >>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")