Issue 31346: Prefer PROTOCOL_TLS_CLIENT/SERVER - Python tracker (original) (raw)

Since Python 3.6 the ssl module has three new protocols:

• PROTOCOL_TLS is the new, preferred, and less confusing name of PROTOCOL_SSLv23. It performs auto-negotiation of the best TLS/SSL protocol supported by client and server.
• PROTOCOL_TLS_CLIENT is a client-only variant of PROTOCOL_TLS. The protocol also enables check_hostname and CERT_REQUIRED.
• PROTOCOL_TLS_SERVER is server side-only variant. It leaves check_hostname disabled and has CERT_NONE (no client cert validation).

Tests and code should prefer PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER whenever possible.