bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway.
(cherry picked from commit e9edee0b65
)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
This commit is contained in:
parent
7452f6d8fa
commit
e5d38deb04
|
@ -1707,7 +1707,7 @@ to speed up repeated connections from the same clients.
|
|||
|
||||
import socket, ssl
|
||||
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||
context = ssl.SSLContext()
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = True
|
||||
context.load_default_certs()
|
||||
|
@ -1952,7 +1952,7 @@ If you prefer to tune security settings yourself, you might create
|
|||
a context from scratch (but beware that you might not get the settings
|
||||
right)::
|
||||
|
||||
>>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
>>> context = ssl.SSLContext()
|
||||
>>> context.verify_mode = ssl.CERT_REQUIRED
|
||||
>>> context.check_hostname = True
|
||||
>>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")
|
||||
|
|
Loading…
Reference in New Issue