
ssl-with-no-version (S504)

Derived from the flake8-bandit linter.

What it does

Checks for calls to ssl.wrap_socket() without an ssl_version.

Why is this bad?

When ssl_version is omitted, ssl.wrap_socket() falls back to a default value that maximizes compatibility but permits the use of insecure protocols.

Example

import ssl

ssl.wrap_socket()

Use instead:

import ssl

ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)
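
The check described under "What it does" can be expressed with Python's ast module, as in the added example below; it is not Ruff's or flake8-bandit's implementation. The function name find_unpinned_wrap_socket and the sample source are constructed, and treating a sixth positional argument or a **kwargs splat as possibly supplying ssl_version is an assumption of this example.

```python
import ast

# Constructed sample source; it is parsed only, never executed.
SAMPLE = '''\
import ssl
from ssl import wrap_socket as ws

ssl.wrap_socket(sock)
ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1_2)
ws(sock, keyfile="k.pem")
ssl.wrap_socket(sock, **opts)
'''


def find_unpinned_wrap_socket(source):
    """Return line numbers of ssl.wrap_socket() calls lacking ssl_version."""
    tree = ast.parse(source)
    module_names, func_names = set(), set()
    # Record local names bound to the ssl module or to ssl.wrap_socket.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "ssl":
                    module_names.add(alias.asname or "ssl")
        elif isinstance(node, ast.ImportFrom) and node.module == "ssl":
            for alias in node.names:
                if alias.name == "wrap_socket":
                    func_names.add(alias.asname or "wrap_socket")

    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        is_target = (
            isinstance(f, ast.Attribute) and f.attr == "wrap_socket"
            and isinstance(f.value, ast.Name) and f.value.id in module_names
        ) or (isinstance(f, ast.Name) and f.id in func_names)
        if not is_target:
            continue
        # Assumption: ssl_version is the sixth positional parameter.
        if len(node.args) >= 6:
            continue
        # A **kwargs splat (kw.arg is None) may carry ssl_version; skip it.
        if any(kw.arg in ("ssl_version", None) for kw in node.keywords):
            continue
        hits.append(node.lineno)
    return sorted(hits)
```

On the constructed sample the function reports lines 4 and 6, the attribute call and the aliased call that omit ssl_version.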