ssl-with-no-version (S504)
Derived from the flake8-bandit linter.
What it does
Checks for calls to ssl.wrap_socket() without an ssl_version.
Why is this bad?
This method is known to provide a default value that maximizes compatibility, but permits use of insecure protocols.
Example
Use instead: