From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Mon, 18 May 2026 21:47:19 +0000 (+0200) Subject: [3.15] gh-95816: Fix TLS version range example in docs (GH-148574) (#150008) X-Git-Tag: v3.15.0b2~131 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=16f8ed5a82961cbfd3f74a529f940527957627f7;p=thirdparty%2FPython%2Fcpython.git [3.15] gh-95816: Fix TLS version range example in docs (GH-148574) (#150008) gh-95816: Fix TLS version range example in docs (GH-148574) docs(ssl): Fix TLS version range example (cherry picked from commit dbd8985e8262055ed091de9a72660b7c112a4ce7) Co-authored-by: Jan Brasna <1784648+janbrasna@users.noreply.github.com> --- diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index d9c736d27dca..b180673f2297 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -2076,7 +2076,7 @@ to speed up repeated connections from the same clients. :attr:`~SSLContext.minimum_version` and :attr:`SSLContext.options` all affect the supported SSL and TLS versions of the context. The implementation does not prevent - invalid combination. For example a context with + invalid combinations. For example a context with :attr:`OP_NO_TLSv1_2` in :attr:`~SSLContext.options` and :attr:`~SSLContext.maximum_version` set to :attr:`TLSVersion.TLSv1_2` will not be able to establish a TLS 1.2 connection. @@ -2891,11 +2891,11 @@ disabled by default. :: >>> client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) - >>> client_context.minimum_version = ssl.TLSVersion.TLSv1_3 + >>> client_context.minimum_version = ssl.TLSVersion.TLSv1_2 >>> client_context.maximum_version = ssl.TLSVersion.TLSv1_3 -The SSL context created above will only allow TLSv1.3 and later (if +The SSL client context created above will only allow TLSv1.2 and TLSv1.3 (if supported by your system) connections to a server. :const:`PROTOCOL_TLS_CLIENT` implies certificate validation and hostname checks by default. You have to load certificates into the context.