satisfy security by ensuring ssl ctx only uses TLS 1.2+

This commit is contained in:
Jay Lee
2026-07-01 12:55:18 +00:00
parent 07e79794a8
commit 335d14137c

View File

@@ -9599,6 +9599,7 @@ def inspect_untrusted_cert(url):
port = parsed.port or 443
# Create an unverified context purely for diagnostic extraction
ctx = ssl.create_default_context()
ctx.minimum_version = ssl.TLSVersion.TLSv1_2
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
try: