Creates and configures an :class:`ssl.SSLContext` instance for use with urllib3. :param ssl_version: The desired protocol version to use. This will default to PROTOCOL_SSLv23 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. This parameter is deprecated; use 'ssl_minimum_version' instead.
(
ssl_version: int | None = None,
cert_reqs: int | None = None,
options: int | None = None,
ciphers: str | None = None,
ssl_minimum_version: int | None = None,
ssl_maximum_version: int | None = None,
verify_flags: int | None = None,
)
| 178 | |
| 179 | |
| 180 | def create_urllib3_context( |
| 181 | ssl_version: int | None = None, |
| 182 | cert_reqs: int | None = None, |
| 183 | options: int | None = None, |
| 184 | ciphers: str | None = None, |
| 185 | ssl_minimum_version: int | None = None, |
| 186 | ssl_maximum_version: int | None = None, |
| 187 | verify_flags: int | None = None, |
| 188 | ) -> ssl.SSLContext: |
| 189 | """Creates and configures an :class:`ssl.SSLContext` instance for use with urllib3. |
| 190 | |
| 191 | :param ssl_version: |
| 192 | The desired protocol version to use. This will default to |
| 193 | PROTOCOL_SSLv23 which will negotiate the highest protocol that both |
| 194 | the server and your installation of OpenSSL support. |
| 195 | |
| 196 | This parameter is deprecated instead use 'ssl_minimum_version'. |
| 197 | :param ssl_minimum_version: |
| 198 | The minimum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. |
| 199 | :param ssl_maximum_version: |
| 200 | The maximum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. |
| 201 | Not recommended to set to anything other than 'ssl.TLSVersion.MAXIMUM_SUPPORTED' which is the |
| 202 | default value. |
| 203 | :param cert_reqs: |
| 204 | Whether to require the certificate verification. This defaults to |
| 205 | ``ssl.CERT_REQUIRED``. |
| 206 | :param options: |
| 207 | Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``, |
| 208 | ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``. |
| 209 | :param ciphers: |
| 210 | Which cipher suites to allow the server to select. Defaults to either system configured |
| 211 | ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers. |
| 212 | :param verify_flags: |
| 213 | The flags for certificate verification operations. These default to |
| 214 | ``ssl.VERIFY_X509_PARTIAL_CHAIN`` and ``ssl.VERIFY_X509_STRICT`` for Python 3.13+. |
| 215 | :returns: |
| 216 | Constructed SSLContext object with specified options |
| 217 | :rtype: SSLContext |
| 218 | """ |
| 219 | if SSLContext is None: |
| 220 | raise TypeError("Can't create an SSLContext object without an ssl module") |
| 221 | |
| 222 | # This means 'ssl_version' was specified as an exact value. |
| 223 | if ssl_version not in (None, PROTOCOL_TLS, PROTOCOL_TLS_CLIENT): |
| 224 | # Disallow setting 'ssl_version' and 'ssl_minimum|maximum_version' |
| 225 | # to avoid conflicts. |
| 226 | if ssl_minimum_version is not None or ssl_maximum_version is not None: |
| 227 | raise ValueError( |
| 228 | "Can't specify both 'ssl_version' and either " |
| 229 | "'ssl_minimum_version' or 'ssl_maximum_version'" |
| 230 | ) |
| 231 | |
| 232 | # 'ssl_version' is deprecated and will be removed in the future. |
| 233 | else: |
| 234 | # Use 'ssl_minimum_version' and 'ssl_maximum_version' instead. |
| 235 | ssl_minimum_version = _SSL_VERSION_TO_TLS_VERSION.get( |
| 236 | ssl_version, TLSVersion.MINIMUM_SUPPORTED |
| 237 | ) |