From 3ed60c95c213c133edbe123cfa3b5a8455f0f966 Mon Sep 17 00:00:00 2001
From: Jay Lee <jay0lee@gmail.com>
Date: Mon, 18 Nov 2024 12:00:13 -0500
Subject: [PATCH] Fix code scanning alert no. 13: Default version of SSL/TLS
 may be insecure

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/gam/atom/http_core.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/gam/atom/http_core.py b/src/gam/atom/http_core.py
index 9060a67e..201ecf7c 100644
--- a/src/gam/atom/http_core.py
+++ b/src/gam/atom/http_core.py
@@ -564,7 +564,9 @@ class ProxiedHttpClient(HttpClient):
             # Trivial setup for ssl socket.
             sslobj = None
             if ssl is not None:
-                sslobj = ssl.wrap_socket(p_sock, None, None)
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+                context.minimum_version = ssl.TLSVersion.TLSv1_2
+                sslobj = context.wrap_socket(p_sock, server_hostname=uri.host)
             else:
                 sock_ssl = socket.ssl(p_sock, None, Nonesock_)
                 sslobj = http.client.FakeSocket(p_sock, sock_ssl)