Comment 2 for bug 1963834

Simon Chopin (schopin) wrote :

To be clear, the root issue is that the server is using an outdated, insecure protocol that has been deemed so for more than a decade, and OpenSSL finally decided to disable it by default. The "proper" way to fix this would be for them to upgrade.

Now, that being said, we live in the real world and our users probably don't have the power to make this decision.

I really don't understand why the upstream Python PR has been closed; it'd have made our lives easier. We *could* carry the patch in our Python 3.10 package, but that's just moving the problem, as our more technical users would have this escape hatch but the others would still be left out.

I'll get in touch with OpenSSL upstream to see if it's conceivable to expose this flag as a configuration option.