== How to fix it in ssl

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,python,diff-id=41,diff-type=noncompliant]
----
import ssl

ciphers = 'RC4-SHA:RC4-MD5'
ctx = ssl.create_default_context()
ctx.set_ciphers(ciphers)  # Noncompliant
----

==== Compliant solution

[source,python,diff-id=41,diff-type=compliant]
----
import ssl

ctx = ssl.create_default_context()
----

=== How does this work?

It is recommended to not override the ciphers but instead, use the secure
default ciphers of the module, as they might change over time.