Christian Heimes added the comment:
Indeed, the text is misleading. "secure default values" refers to
SSLContext.options only (no compression, "good" TLS versions) and not to cert
and host name verification.
--
___
Python tracker
New submission from Nathaniel Smith :
Quoting from the docs for ssl.SSLContext:
"Changed in version 3.6: The context is created with secure default values."
- https://docs.python.org/3/library/ssl.html#ssl.SSLContext
This is not true. If you call ssl.SSLContext(), you get a context with cert