make SSLv23 the default version in ftplib (closes #23111)

benjaminp · benjaminp · commit 9fe67ceebf69 · 2015-01-04T10:20:16.000-06:00
diff --git a/Doc/library/ftplib.rst b/Doc/library/ftplib.rst
@@ -384,7 +384,7 @@ FTP_TLS Objects
 
 .. attribute:: FTP_TLS.ssl_version
 
-   The SSL version to use (defaults to *TLSv1*).
+   The SSL version to use (defaults to :attr:`ssl.PROTOCOL_SSLv23`).
 
 .. method:: FTP_TLS.auth()
 
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
@@ -638,7 +638,7 @@ class FTP_TLS(FTP):
         '221 Goodbye.'
         >>>
         '''
-        ssl_version = ssl.PROTOCOL_TLSv1
+        ssl_version = ssl.PROTOCOL_SSLv23
 
         def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
                      certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
@@ -656,7 +656,7 @@ def auth(self):
             '''Set up secure control connection by using TLS/SSL.'''
             if isinstance(self.sock, ssl.SSLSocket):
                 raise ValueError("Already using TLS")
-            if self.ssl_version == ssl.PROTOCOL_TLSv1:
+            if self.ssl_version >= ssl.PROTOCOL_SSLv23:
                 resp = self.voidcmd('AUTH TLS')
             else:
                 resp = self.voidcmd('AUTH SSL')
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -15,6 +15,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
+
 - Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and
   fragment when it redirects to add a trailing slash.
 
