Comment 4 for bug 1917625

Christian Heimes (heimes) wrote :

I didn't include a setter for security level on purpose, https://bugs.python.org/issue41195. The most recent Python version only has a getter to query the security level. I strongly believe that user applications should not modify the security level. Security level and TLS versions should be centrally managed by system administrators. Unfortunately, Python's ssl module still has legacy support for TLS 1.0 and 1.1.

Even a check for seclevel == 2 or modification of the security level wouldn't address Python's test failures on Ubuntu. After all, Ubuntu uses a custom policy that deviates from the seclevel 2 definition at https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html

Do you suggest that Python should check for Ubuntu in the test suite, so we can special case Ubuntu's custom policy?