Skip to content

Commit

Permalink
bpo-32008: don't use PROTOCOL_TLSv1 in example (pythonGH-5789)
Browse files Browse the repository at this point in the history
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway.
  • Loading branch information
benjaminp authored Feb 21, 2018
1 parent 52c6b89 commit e9edee0
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Doc/library/ssl.rst
Original file line number Diff line number Diff line change
Expand Up @@ -1707,7 +1707,7 @@ to speed up repeated connections from the same clients.

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context = ssl.SSLContext()
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_default_certs()
Expand Down Expand Up @@ -1952,7 +1952,7 @@ If you prefer to tune security settings yourself, you might create
a context from scratch (but beware that you might not get the settings
right)::

>>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)
>>> context = ssl.SSLContext()
>>> context.verify_mode = ssl.CERT_REQUIRED
>>> context.check_hostname = True
>>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")
Expand Down

0 comments on commit e9edee0

Please sign in to comment.