SSL 101

The following SSL/TLS protocol versions (constants in Python's ssl module) are considered insecure.

  • PROTOCOL_SSLv3
  • PROTOCOL_SSLv2
  • PROTOCOL_TLSv1
  • PROTOCOL_TLSv1_1

Fixes

  • Use ssl.create_default_context() instead of trying to do this yourself
  • Do not use version specifiers; use PROTOCOL_TLS with options disallowing the bad protocols
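
The second fix spelled out, with the first shown beside it for comparison. This is an added example, not code from the original page. The helper names negotiating_context and allowed_legacy are hypothetical; every ssl call is standard library.

```python
import ssl
import warnings

# Protocols the page lists as insecure: (OP_NO_* flag, wire version number).
LEGACY = {
    "SSLv2": (ssl.OP_NO_SSLv2, 0x0002),
    "SSLv3": (ssl.OP_NO_SSLv3, 0x0300),
    "TLSv1": (ssl.OP_NO_TLSv1, 0x0301),
    "TLSv1.1": (ssl.OP_NO_TLSv1_1, 0x0302),
}


def negotiating_context():
    """Hypothetical helper: PROTOCOL_TLS plus options disallowing the bad protocols."""
    with warnings.catch_warnings():
        # Newer Pythons mark PROTOCOL_TLS and OP_NO_* as deprecated; both still work.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
        for flag, _wire in LEGACY.values():
            ctx.options |= flag
    # A hand-built PROTOCOL_TLS context starts with certificate checks off.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_default_certs()
    return ctx


def allowed_legacy(ctx):
    """Hypothetical audit: listed protocols that ctx still permits."""
    floor = int(ctx.minimum_version)  # negative when no explicit floor is set
    allowed = []
    for name, (flag, wire) in LEGACY.items():
        # Assumption: a zero-valued flag means this build's OpenSSL has no
        # such protocol left to disable, so it is not reported.
        if flag and not ctx.options & flag and wire >= floor:
            allowed.append(name)
    return allowed


if __name__ == "__main__":
    contexts = [
        ("ssl.create_default_context()", ssl.create_default_context()),
        ("PROTOCOL_TLS + OP_NO_* options", negotiating_context()),
    ]
    for label, ctx in contexts:
        print(label, "still permits:", allowed_legacy(ctx) or "none of the listed")
```

What the audit reports for ssl.create_default_context() depends on the Python and OpenSSL versions in use, which is why it is worth running on the deployment target.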

See Also

  • http://heartbleed.com/
  • http://poodlebleed.com/
  • https://www.openssl.org/~bodo/ssl-poodle.pdf
  • https://docs.python.org/3/library/ssl.html#ssl-security