make SSLv23 the default version in ftplib (closes #23111)

diff --git a/Doc/library/ftplib.rst b/Doc/library/ftplib.rst
index b42cf648891023b7ffe3226b3c7bcdc0b6ce28e2..ec07c8785444c8c52efef2c1ff027647a24b5901 100644 (file)
--- a/Doc/library/ftplib.rst
+++ b/Doc/library/ftplib.rst
@@ -384,7 +384,7 @@ FTP_TLS Objects
 
 .. attribute:: FTP_TLS.ssl_version
 
-   The SSL version to use (defaults to *TLSv1*).
+   The SSL version to use (defaults to :attr:`ssl.PROTOCOL_SSLv23`).
 
 .. method:: FTP_TLS.auth()
 

diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index c98290ce85e996f2e10516d88f94094e06c9a78f..0a69b7a6619fd543b38cf1bed716aedf5be1b10e 100644 (file)
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -638,7 +638,7 @@ else:
         '221 Goodbye.'
         >>>
         '''
-        ssl_version = ssl.PROTOCOL_TLSv1
+        ssl_version = ssl.PROTOCOL_SSLv23
 
         def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
                      certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
@@ -656,7 +656,7 @@ else:
             '''Set up secure control connection by using TLS/SSL.'''
             if isinstance(self.sock, ssl.SSLSocket):
                 raise ValueError("Already using TLS")
-            if self.ssl_version == ssl.PROTOCOL_TLSv1:
+            if self.ssl_version >= ssl.PROTOCOL_SSLv23:
                 resp = self.voidcmd('AUTH TLS')
             else:
                 resp = self.voidcmd('AUTH SSL')

diff --git a/Misc/NEWS b/Misc/NEWS
index 276b537cd04f141e78973dddb04a99fc1fe5effa..47a73fe599aa2e416b60e7242e67127814fbc055 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -15,6 +15,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
+
 - Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and
   fragment when it redirects to add a trailing slash.