```
import ssl
import urllib.request

url_string = "https://kubernetes.default.svc.cluster.local./api/"

ctx = ssl._create_unverified_context()

with urllib.request.urlopen(url_string, context=ctx) as f:
    f.read()
```

In running this sample code will got a following handshake error,

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.8/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.8/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib/python3.8/urllib/request.py", line 542, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.8/urllib/request.py", line 1393, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/usr/lib/python3.8/urllib/request.py", line 1353, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_UNEXPECTED_MESSAGE] sslv3 alert unexpected message (_ssl.c:1123)>

Instead using absolute domain name, using `https://kubernetes.default.svc.cluster.local/api/` then the issue solved. I also tried other domains like `google.com.`, but in this case the handshake process had no errors.

SSLV3_ALERT_UNEXPECTED_MESSAGE means that the server is responding with incorrect TLS data. That's usually the case when the port on the server is HTTP instead of HTTPS. It's also possible that the server does not like the SNI header (Server Name Indication) and closes the connection incorrectly.

By the way unverified context is insecure and should not be used in production. I assume that you are using an unverified context because hostnames with a trailing dot are not supported by OpenSSL, see #31997 and #40306.