The documentation (https://docs.python.org/2/library/ssl.html) says:
The settings in Python 2.7.9 are: PROTOCOL_SSLv23, OP_NO_SSLv2, and OP_NO_SSLv3 with high encryption cipher suites without RC4

But it still seems to use RC4: https://www.howsmyssl.com/a/check

Also the test at https://www.ssllabs.com/ssltest/viewMyClient.html says it still supports SSLv3 (not so sure about this one).

I believe RC4 will still be used under 2.7.9 on clients, this is changed for 2.7.10

RC4 is dropped in the next releases.

You can explicitly disable RC4 if you create a SSLContext and then call set_ciphers() with the right list of ciphers. See for examples cipher lists of Python 2.7 (development branch):
https://hg.python.org/cpython/file/0b44c749ae51/Lib/ssl.py#l150

Add ":!RC4" at the end of the cipher list to disable RC4.

OpenSSL cipher list format:
https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT

So it seems the docs are wrong.

They're correct for the next release. :(

But the doc explicitly says 2.7.9, so no, they are not correct.  There also should be versionchanged directive, I think.

New changeset e1dfa5f0709f by Benjamin Peterson in branch '2.7':
versionchanged for rc4 removal (closes #23679)
https://hg.python.org/cpython/rev/e1dfa5f0709f

New changeset 2a6a63828a40 by Benjamin Peterson in branch '3.4':
versionchanged for rc4 removal (closes #23679)
https://hg.python.org/cpython/rev/2a6a63828a40

New changeset 87c102d0df39 by Benjamin Peterson in branch 'default':
merge 3.4 (#23679)
https://hg.python.org/cpython/rev/87c102d0df39

That was fast, great job!

For the record: The SSLv3 issue I also wrote about was a false positive because the test only works with Javascript. Python 2.7.9 has SSLv3 disabled by default as it should.

urllib2.urlopen("https://sslv3.dshield.org")  # fails as it should