SSL101.md

SSL 101

The following SSL protocols are considered insecure.

• PROTCOL_SSLv3
• PROTOCOL_SSLv2
• PROTOCOL_TLSv1
• PROTOCOL_TLSv1_1

Fixes

• Use ssl.create_default_context() instead of trying to do this yourself
• Do not use version specifiers, use PROTOCOL_TLS with options disallowing the bad protocols

See Also

• http://heartbleed.com/
• http://poodlebleed.com/
• https://www.openssl.org/~bodo/ssl-poodle.pdf
• https://docs.python.org/3/library/ssl.html#ssl-security