From b88fed4d57926e1a8d13551b5de49b471c48f552 Mon Sep 17 00:00:00 2001 From: Ishaan Kapur <64529428+ishaanlabs-gg@users.noreply.github.com> Date: Wed, 1 Jul 2026 03:48:30 +0530 Subject: [PATCH] gh-152709: Update ssl docs for OpenSSL 4 --- Doc/library/ssl.rst | 9 +++++---- Lib/ssl.py | 9 +++------ ...-07-01-03-50-00.gh-issue-152709.ssl-openssl4-docs.rst | 2 ++ 3 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 Misc/NEWS.d/next/Documentation/2026-07-01-03-50-00.gh-issue-152709.ssl-openssl4-docs.rst diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 66fe6c7aee48626..a5a65ac28731e95 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -655,7 +655,7 @@ Constants Selects SSL version 3 as the channel encryption protocol. This protocol is not available if OpenSSL is compiled with the - ``no-ssl3`` option. + ``no-ssl3`` option, or with OpenSSL 4.0 or later. .. warning:: @@ -672,6 +672,7 @@ Constants .. data:: PROTOCOL_TLSv1 Selects TLS version 1.0 as the channel encryption protocol. + This protocol is not available with OpenSSL 4.0 or later. .. deprecated:: 3.6 @@ -680,7 +681,7 @@ Constants .. data:: PROTOCOL_TLSv1_1 Selects TLS version 1.1 as the channel encryption protocol. - Available only with openssl version 1.0.1+. + Available only with OpenSSL version 1.0.1 through 3.x. .. versionadded:: 3.4 @@ -691,7 +692,7 @@ Constants .. data:: PROTOCOL_TLSv1_2 Selects TLS version 1.2 as the channel encryption protocol. - Available only with openssl version 1.0.1+. + Available only with OpenSSL version 1.0.1 through 3.x. .. versionadded:: 3.4 @@ -2037,7 +2038,7 @@ to speed up repeated connections from the same clients. import socket, ssl - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.verify_mode = ssl.CERT_REQUIRED context.check_hostname = True context.load_default_certs() diff --git a/Lib/ssl.py b/Lib/ssl.py index 3c0361330d7e951..0d919a0ed7d122d 100644 --- a/Lib/ssl.py 
+++ b/Lib/ssl.py @@ -50,17 +50,14 @@ CERT_REQUIRED - certificates are required, and will be validated, and if validation fails, the connection will also fail -The following constants identify various SSL protocol variants: +The following constants identify various SSL protocol variants. Some legacy, +version-specific protocol constants are only available when supported by the +linked OpenSSL library: -PROTOCOL_SSLv2 -PROTOCOL_SSLv3 PROTOCOL_SSLv23 PROTOCOL_TLS PROTOCOL_TLS_CLIENT PROTOCOL_TLS_SERVER -PROTOCOL_TLSv1 -PROTOCOL_TLSv1_1 -PROTOCOL_TLSv1_2 The following constants identify various SSL alert message descriptions as per http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 diff --git a/Misc/NEWS.d/next/Documentation/2026-07-01-03-50-00.gh-issue-152709.ssl-openssl4-docs.rst b/Misc/NEWS.d/next/Documentation/2026-07-01-03-50-00.gh-issue-152709.ssl-openssl4-docs.rst new file mode 100644 index 000000000000000..b711c76e15329d4 --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2026-07-01-03-50-00.gh-issue-152709.ssl-openssl4-docs.rst @@ -0,0 +1,2 @@ +Update :mod:`ssl` documentation for legacy protocol constants unavailable +with OpenSSL 4.0 and later.
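Review bot: In the Lib/ssl.py hunk, the rewritten intro sentence ends with a colon directly above a list that no longer contains any version-specific constant, so PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER now read as the legacy, conditionally available ones. Going by the ssl.rst wording in the same patch, the removed names can presumably still be exported when the linked OpenSSL supports them, so dropping them leaves the docstring with no record of which constants the caveat refers to. I would keep the original intro line and put the caveat after the list, for example `Legacy fixed-version constants (PROTOCOL_SSLv3, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2) exist only when the linked OpenSSL supports them; prefer PROTOCOL_TLS_CLIENT or PROTOCOL_TLS_SERVER and set SSLContext.minimum_version.` The module docstring starts and ends outside this hunk.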