# Insecure TLS Configuration
Encryption powers the modern internet, allowing transmission of secrets across a network in such a way they cannot be inspected or tampered with by a third party. Your code should be configured to communicate over the internet using encrypted protocols. Any HTTPS communication should use a modern version of *Transport Layer Security* (TLS) and a secure cipher suite.
## TLS Connections in Python
Any TLS connections you make in Python code must use a modern version of the TLS protocol. This means deprecating older TLS versions on your web-server, and specifying one of the following versions of TLS when creating an outgoing TLS connection:
* TLS v1.2
* TLS v1.3
* DTLS v1.2
* DTLS v1.3
Here’s how to perform a simple HTTP request in the `urllib3` library, specifying the version of TLS:
“`python http = urllib3.PoolManager( ssl_minimum_version = ssl.TLSVersion.TLSv1 )response = http.request(“GET”, “https://tls-v1-0.badssl.com:1010”) “` |
`urllib3` by default expects the server to support TLS 1.2, so specifying a weaker version of the protocol (as shown above) should be avoided.
## CWEs
* [CWE-326](https://cwe.mitre.org/data/definitions/326.html)
* [CWE-327](https://cwe.mitre.org/data/definitions/327.html)