ssl-insecure-version (S502)
Derived from the flake8-bandit linter.
What it does
Checks for function calls with parameters that indicate the use of insecure SSL and TLS protocol versions.
Why is this bad?
Several highly publicized exploitable flaws have been discovered in all versions of SSL and early versions of TLS. The following versions are considered insecure, and should be avoided:
- SSL v2
- SSL v3
- TLS v1
- TLS v1.1
This rule supports detection for Python's built-in ssl module and the pyOpenSSL module.
Example
Use instead:
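The flagged pattern and its replacement, as an added example that is not part of the rule's own documentation or implementation: a simplified scan for the ssl_version and method keyword arguments over constructed sample source, followed by a client context pinned to TLS 1.2 or later. The constant set, the keyword names and the function names are assumptions of this sketch.

```python
import ast
import ssl

# Constants for the four versions listed above (ssl module and pyOpenSSL).
# The exact set and keyword names a linter matches are assumptions here.
INSECURE = {
    "PROTOCOL_SSLv2", "PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1",
    "SSLv2_METHOD", "SSLv3_METHOD", "TLSv1_METHOD", "TLSv1_1_METHOD",
}
KEYWORDS = ("ssl_version", "method")

# Constructed sample source; it is parsed, never executed.
SAMPLE = '''
import ssl
from OpenSSL import SSL

ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1)
SSL.Context(method=SSL.SSLv3_METHOD)
ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1_2)
'''


def find_insecure_versions(source):
    """Return (line, keyword, constant) for calls passing an insecure version."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # Accept both ssl.PROTOCOL_X (Attribute) and a bare imported name.
            name = getattr(kw.value, "attr", None) or getattr(kw.value, "id", None)
            if kw.arg in KEYWORDS and name in INSECURE:
                hits.append((node.lineno, kw.arg, name))
    return sorted(hits)


def hardened_client_context():
    """Client context that refuses to negotiate anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for line, keyword, constant in find_insecure_versions(SAMPLE):
        print(f"line {line}: {keyword}={constant}")
    print(hardened_client_context().minimum_version)
```

Setting minimum_version on a context from ssl.create_default_context() keeps certificate and hostname verification enabled while still allowing TLS 1.3 to be negotiated.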