ssl-with-bad-defaults (S503)
Derived from the flake8-bandit linter.
What it does
Checks for function definitions with default arguments set to insecure SSL and TLS protocol versions.
Why is this bad?
Several highly publicized exploitable flaws have been discovered in all versions of SSL and early versions of TLS. The following versions are considered insecure, and should be avoided:
- SSL v2
- SSL v3
- TLS v1
- TLS v1.1
Example
Use instead: