From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Mon, 18 May 2026 21:47:35 +0000 (+0200)
Subject: [3.13] gh-95816: Fix TLS version range example in docs (GH-148574) (#150010)
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09b2e00b4257e9a2974ec5e630cad6ba6d6a5699;p=thirdparty%2FPython%2Fcpython.git

[3.13] gh-95816: Fix TLS version range example in docs (GH-148574) (#150010)

gh-95816: Fix TLS version range example in docs (GH-148574)

docs(ssl): Fix TLS version range example
(cherry picked from commit dbd8985e8262055ed091de9a72660b7c112a4ce7)

Co-authored-by: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
---

diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 4f7536551028..761383bf0f73 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1943,7 +1943,7 @@ to speed up repeated connections from the same clients.
    :attr:`~SSLContext.minimum_version` and
    :attr:`SSLContext.options` all affect the supported SSL
    and TLS versions of the context. The implementation does not prevent
-   invalid combination. For example a context with
+   invalid combinations. For example a context with
    :attr:`OP_NO_TLSv1_2` in :attr:`~SSLContext.options` and
    :attr:`~SSLContext.maximum_version` set to :attr:`TLSVersion.TLSv1_2`
    will not be able to establish a TLS 1.2 connection.
@@ -2746,11 +2746,11 @@ disabled by default.
 ::
 
    >>> client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-   >>> client_context.minimum_version = ssl.TLSVersion.TLSv1_3
+   >>> client_context.minimum_version = ssl.TLSVersion.TLSv1_2
    >>> client_context.maximum_version = ssl.TLSVersion.TLSv1_3
 
 
-The SSL context created above will only allow TLSv1.3 and later (if
+The SSL client context created above will only allow TLSv1.2 and TLSv1.3 (if
 supported by your system) connections to a server. :const:`PROTOCOL_TLS_CLIENT`
 implies certificate validation and hostname checks by default. You have to
 load certificates into the context.