Deprecated SSL protocol in CertValidatingHTTPSConnection #178

@jpeak5

tl;dr: Line 72 of duo_client/https_wrapper.py hard-codes a deprecated (since Python 3.6) SSL protocol.

The only similar issue I found in this queue is #31, but it's pretty historic (2016) and only slightly related.


We've just upgraded Python (to 3.10.5) and found that at least one of our scripts using duo_client_python is emitting a new-to-us deprecation warning:

/path/to/python3.10/site-packages/duo_client/https_wrapper.py:72: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
  context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

Line 72, referenced in the warning above, is

context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

ssl.PROTOCOL_SSLv23 is deprecated since Python 3.6 (docs.python.org). The replacement, ssl.PROTOCOL_TLS, which was introduced in Python 3.6, is itself now deprecated under Python 3.10:

Deprecated since version 3.10: TLS clients and servers require different default settings for secure communication. The generic TLS protocol constant is deprecated in favor of PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER.

(docs.python.org)

ssl.PROTOCOL_TLS_CLIENT:

Auto-negotiate the highest protocol version that both the client and server support, and configure the context client-side connections. The protocol enables CERT_REQUIRED and check_hostname by default.

(docs.python.org)
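The difference between the constants discussed in this issue, shown as an added example that is not part of the original post or of duo_client_python: it compares the defaults each constant produces, captures the deprecation warning, and builds a client context with the non-deprecated constant. The names `describe`, `make_client_context` and `can_disable_verification` are hypothetical, and the TLS 1.2 floor is an assumption of this example.

```python
import ssl
import warnings

LEGACY_PROTOCOL = ssl.PROTOCOL_SSLv23      # constant hard-coded on the line in the warning
CLIENT_PROTOCOL = ssl.PROTOCOL_TLS_CLIENT  # replacement named in the Python docs


def describe(protocol):
    """Build a context with `protocol`; report its defaults and any deprecation warning."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        ctx = ssl.SSLContext(protocol)
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "deprecation_warnings": [
            str(w.message) for w in caught
            if issubclass(w.category, DeprecationWarning)
        ],
    }


def make_client_context(ca_file=None):
    """Hypothetical helper: client context built with the non-deprecated constant."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption for this example: refuse anything older than TLS 1.2.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()
    return ctx


def can_disable_verification(ctx):
    """Migration gotcha: CERT_NONE is rejected while check_hostname is still on."""
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print("legacy:", describe(LEGACY_PROTOCOL))
    print("client:", describe(CLIENT_PROTOCOL))
    print("CERT_NONE accepted:", can_disable_verification(make_client_context()))
```

With the legacy constant, certificate and hostname checks are off unless the calling code turns them on explicitly, so a migration should confirm that no later assignment depends on those old defaults.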
