From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Wed, 21 Feb 2018 06:07:17 +0000 (-0800)
Subject: bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
X-Git-Tag: v3.6.5rc1~56
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f8a794c04c8d375da279fc830770a5e6b4f363fb;p=python

bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)


It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway.
(cherry picked from commit e9edee0b65650c4f9db90cefc2e9a8125bad762c)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
---

diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 8f219c5794..1c9e597306 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1634,7 +1634,7 @@ to speed up repeated connections from the same clients.
 
       import socket, ssl
 
-      context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+      context = ssl.SSLContext()
       context.verify_mode = ssl.CERT_REQUIRED
       context.check_hostname = True
       context.load_default_certs()
@@ -1861,7 +1861,7 @@ If you prefer to tune security settings yourself, you might create
 a context from scratch (but beware that you might not get the settings
 right)::
 
-   >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+   >>> context = ssl.SSLContext()
    >>> context.verify_mode = ssl.CERT_REQUIRED
    >>> context.check_hostname = True
    >>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")