STINNER Victor added the comment: I read the table explaining how SSL/TLS is negociated between the client and the server: https://docs.python.org/2.7/library/ssl.html#ssl.wrap_socket
I don't understand how I can ask to "use TLS, prefer the most recent version, but don't use SSL"? Should I use TLSv1 which only works with TLS version 1.0? Or TLSv12 and bet that the server implements this newer TLS version? create_default_context() uses PROTOCOL_SSLv23 with OP_NO_SSLv2 and OP_NO_SSLv3. I don't understand: we ask to use "SSL version 2 or 3" but we disable SSLv2 and SSLv3? If the client uses PROTOCOL_SSLv23, does it mean that TLS will never be tried? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22638> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com