From 838c9e4831fb2cc320be8ab2a3748b7d4244e398 Mon Sep 17 00:00:00 2001
From: William Barnhart <williambbarnhart@gmail.com>
Date: Sun, 6 Aug 2023 18:06:54 -0400
Subject: [PATCH] Set SSLContext minimum version to TLSv1_2

---
 kafka/conn.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kafka/conn.py b/kafka/conn.py
index cac354875..bde01a819 100644
--- a/kafka/conn.py
+++ b/kafka/conn.py
@@ -463,6 +463,7 @@ def _wrap_ssl(self):
         if self._ssl_context is None:
             log.debug('%s: configuring default SSL Context', self)
             self._ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)  # pylint: disable=no-member
+            self._ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
             self._ssl_context.options |= ssl.OP_NO_SSLv2  # pylint: disable=no-member
             self._ssl_context.options |= ssl.OP_NO_SSLv3  # pylint: disable=no-member
             self._ssl_context.verify_mode = ssl.CERT_OPTIONAL