Example requires exactly TLSv1.3, but explanation says TLSv1.2 and later

[qris]

Documentation

The example at https://docs.python.org/3/library/ssl.html#protocol-versions says:

client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
client_context.minimum_version = ssl.TLSVersion.TLSv1_3
client_context.maximum_version = ssl.TLSVersion.TLSv1_3

Which should require exactly TLSv1.3 (no higher or lower). But the explanation then says:

The SSL context created above will only allow TLSv1.2 and later (if supported by your system) connections to a server.

I think this is an incorrect statement. I also think the example is not ideal, as it would be strange to refuse to use more recent versions of TLS if they were supported.

[graingert]

I think I've opened this one somewhere

[janbrasna]

Related:

• minimum_version mismatch #105090
• gh-105090: Replace incorrect TLSv1.2 with TLSv1.3 #105404
• gh-105090: Update ssl.rst to show a range of TLS versions supported by a context. #107273

Not entirely fixed as of today, as the edits were made to TLS v1.3 as min/max, yet the explainer says TLSv1.3 or newer, which is still wrong.

So the question is: should the max be changed to MAXIMUM_SUPPORTED (or left out completely?) or the description altered to say it's exactly TLS v1.3 only?
Maybe it should be changed back to ssl.TLSVersion.TLSv1_2 to demonstrate a range of versions as proposed via #105090 (comment) in #107273 …?