Using a broken or weak cryptographic protocol may make a connection vulnerable to interference from an attacker.

Ensure that a modern, strong protocol is used. All versions of SSL, and TLS 1.0, are known to be vulnerable to attacks. Using TLS 1.1 or above is strongly recommended.

The following code shows a variety of ways of setting up a connection using SSL or TLS. They are all insecure because of the version specified.

All cases should be updated to use a secure protocol, such as PROTOCOL_TLSv1_1.

Note that ssl.wrap_socket has been deprecated in Python 3.7. A preferred alternative is to use ssl.SSLContext, which is supported in Python 2.7.9 and 3.2 and later versions.
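As an added illustration (not code from the original page), the sketch below builds a client ssl.SSLContext with an explicit protocol floor and audits a context for the versions named above as vulnerable. The function names, the TLS 1.2 floor and the "legacy" context are assumptions constructed for this example; minimum_version requires Python 3.7 or later.

```python
import ssl
import warnings

# Versions the page names as broken (all SSL versions and TLS 1.0), mapped to
# the OP_NO_* option that switches each one off. SSLv2 has no ssl.TLSVersion
# member, so it is not listed here.
WEAK_VERSIONS = {
    ssl.TLSVersion.SSLv3: ssl.OP_NO_SSLv3,
    ssl.TLSVersion.TLSv1: ssl.OP_NO_TLSv1,
}


def weak_versions_allowed(ctx):
    """Return the names of weak protocol versions ctx would still negotiate."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    allowed = []
    for version, off_flag in WEAK_VERSIONS.items():
        if ctx.options & off_flag:
            continue  # switched off explicitly through an OP_NO_* option
        # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinels: no bound set.
        above_floor = lo == ssl.TLSVersion.MINIMUM_SUPPORTED or lo <= version
        below_ceiling = hi == ssl.TLSVersion.MAXIMUM_SUPPORTED or version <= hi
        if above_floor and below_ceiling:
            allowed.append(version.name)
    return allowed


def hardened_context():
    """Client context with an explicit floor (TLS 1.2 is this example's choice)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_context():
    """Constructed misconfiguration: the floor is lowered to TLS 1.0."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # Python 3.10+ warns
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


if __name__ == "__main__":
    print("hardened:", weak_versions_allowed(hardened_context()))
    print("legacy:  ", weak_versions_allowed(legacy_context()))
```

Running weak_versions_allowed over the contexts an application actually constructs gives a quick regression check that no code path lowers the floor again.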

  • Wikipedia: Transport Layer Security.
  • Python 3 documentation: class ssl.SSLContext.
  • Python 3 documentation: ssl.wrap_socket.
  • pyOpenSSL documentation: An interface to the SSL-specific parts of OpenSSL.