make PROTOCOL_SSLv23 the default protocol version for ftplib (closes #23111)

diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 9c73f5f019d14c3d65efab17f7f8f2e4c39e204d..cd8c1a987eb6d633ec3805fc68a0e465608b8b23 100644 (file)
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -713,7 +713,7 @@ else:
         '221 Goodbye.'
         >>>
         '''
-        ssl_version = ssl.PROTOCOL_TLSv1
+        ssl_version = ssl.PROTOCOL_SSLv23
 
         def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
                      certfile=None, context=None,
@@ -743,7 +743,7 @@ else:
             '''Set up secure control connection by using TLS/SSL.'''
             if isinstance(self.sock, ssl.SSLSocket):
                 raise ValueError("Already using TLS")
-            if self.ssl_version == ssl.PROTOCOL_TLSv1:
+            if self.ssl_version >= ssl.PROTOCOL_SSLv23:
                 resp = self.voidcmd('AUTH TLS')
             else:
                 resp = self.voidcmd('AUTH SSL')

diff --git a/Misc/NEWS b/Misc/NEWS
index 7932c77f1ccbdd5cab453f22d6bbd8d39ed27af1..42cbc39d6e38d0f5d61344ae6498b8ea4b1ee4cd 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -41,6 +41,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol
+  version.
+
 - Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
   instead of reading /dev/urandom, to get pseudo-random bytes.