1Fixed an issue where instances of :class:`ssl.SSLSocket` were vulnerable to
2a bypass of the TLS handshake and included protections (like certificate
3verification) and treating sent unencrypted data as if it were
4post-handshake TLS encrypted data.  Security issue reported as
5`CVE-2023-40217
6<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40217>`_ by
7Aapo Oksman. Patch by Gregory P. Smith.
8