[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (pythonGH-5789) (python#5792)

benjaminp · web-flow · commit 6c7edba1665e · 2018-02-20T22:17:10.000-08:00
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right protocol default, so let's not pass anyway.. (cherry picked from commit e9edee0)
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
@@ -1330,7 +1330,7 @@ to speed up repeated connections from the same clients.
 
       import socket, ssl
 
-      context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+      context = ssl.SSLContext(ssl.PROTOCOL_TLS)
       context.verify_mode = ssl.CERT_REQUIRED
       context.check_hostname = True
       context.load_default_certs()
@@ -1536,7 +1536,7 @@ If you prefer to tune security settings yourself, you might create
 a context from scratch (but beware that you might not get the settings
 right)::
 
-   >>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+   >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)
    >>> context.verify_mode = ssl.CERT_REQUIRED
    >>> context.check_hostname = True
    >>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")
