make SSLv23 the default version in ftplib (closes #23111)
diff --git a/Doc/library/ftplib.rst b/Doc/library/ftplib.rst
index b42cf64..ec07c87 100644
--- a/Doc/library/ftplib.rst
+++ b/Doc/library/ftplib.rst
@@ -384,7 +384,7 @@
.. attribute:: FTP_TLS.ssl_version
- The SSL version to use (defaults to *TLSv1*).
+ The SSL version to use (defaults to :attr:`ssl.PROTOCOL_SSLv23`).
.. method:: FTP_TLS.auth()
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index c98290c..0a69b7a 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -638,7 +638,7 @@
'221 Goodbye.'
>>>
'''
- ssl_version = ssl.PROTOCOL_TLSv1
+ ssl_version = ssl.PROTOCOL_SSLv23
def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
@@ -656,7 +656,7 @@
'''Set up secure control connection by using TLS/SSL.'''
if isinstance(self.sock, ssl.SSLSocket):
raise ValueError("Already using TLS")
- if self.ssl_version == ssl.PROTOCOL_TLSv1:
+ if self.ssl_version >= ssl.PROTOCOL_SSLv23:
resp = self.voidcmd('AUTH TLS')
else:
resp = self.voidcmd('AUTH SSL')
diff --git a/Misc/NEWS b/Misc/NEWS
index 276b537..47a73fe 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -15,6 +15,8 @@
Library
-------
+- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
+
- Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and
fragment when it redirects to add a trailing slash.