The ssl library falls back to protocol-version negotiation (PROTOCOL_TLS, formerly PROTOCOL_SSLv23) when no specific protocol version is specified, so the version actually used is whatever the two ends agree on and may be an insecure one. This may leave the connection vulnerable to attack.

Ensure that a modern, strong protocol is used. All versions of SSL and TLS 1.0 are known to be vulnerable to attacks, and TLS 1.1 has since been deprecated as well (RFC 8996), so TLS 1.2 or above is strongly recommended. If no explicit ssl_version is specified, the default PROTOCOL_TLS (formerly PROTOCOL_SSLv23) is chosen. This setting negotiates the highest version that both client and server support, which means a peer offering only a legacy version can drive the connection down to TLS 1.0 or 1.1 (or even SSLv3 on old OpenSSL builds) unless the context is explicitly restricted; it should not be relied upon on its own.

The following code shows a variety of ways of setting up a connection using SSL or TLS. They are all potentially insecure because the default version is used.

In all of the above cases, a secure protocol should be used instead: create an ssl.SSLContext with PROTOCOL_TLS_CLIENT (or PROTOCOL_TLS_SERVER) and set its minimum_version to TLS 1.2, rather than leaving the version to negotiation.

Note that ssl.wrap_socket has been deprecated since Python 3.7 and was removed in Python 3.12. The preferred alternative is ssl.SSLContext (available since Python 2.7.9 and 3.2), whose wrap_socket method uses the context's protocol, version bounds and verification settings.

  • Wikipedia: Transport Layer Security.
  • Python 3 documentation: class ssl.SSLContext.
  • Python 3 documentation: ssl.wrap_socket.