This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: SSLEOFError regression with certain servers in Python 3.10
Type: behavior
Stage: resolved
Components: SSL
Versions: Python 3.11, Python 3.10

process
Status: closed
Resolution: not a bug
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: alexia, christian.heimes
Priority: normal
Keywords:

Created on 2021-10-15 15:41 by alexia, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (4)
msg404033 - Author: alexia Date: 2021-10-15 15:41
Starting in Python 3.10, TLS connections to certain servers (e.g. websocket-cs.vudu.com:443) are failing, whereas they worked fine on Python 3.9 and earlier on the same system.


Minimal working example:

```
#!/usr/bin/env python3

import socket
import ssl

HOST = 'websocket-cs.vudu.com'
PORT = 443

sock = socket.create_connection((HOST, PORT))
ctx = ssl.create_default_context()
ssock = ctx.wrap_socket(sock, server_hostname=HOST)
print("Connection successful")
```


Output:
```
❯ python3.9 ssl_eof_test.py
Connection successful

❯ python3.10 ssl_eof_test.py
Traceback (most recent call last):
  File "/home/nyuszika7h/ssl_eof_test.py", line 11, in <module>
    ssock = ctx.wrap_socket(sock, server_hostname=HOST)
  File "/home/nyuszika7h/.pyenv/versions/3.10.0/lib/python3.10/ssl.py", line 512, in wrap_socket
    return self.sslsocket_class._create(
  File "/home/nyuszika7h/.pyenv/versions/3.10.0/lib/python3.10/ssl.py", line 1070, in _create
    self.do_handshake()
  File "/home/nyuszika7h/.pyenv/versions/3.10.0/lib/python3.10/ssl.py", line 1341, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:997)

❯ python3.11 ssl_eof_test.py
Traceback (most recent call last):
  File "/home/nyuszika7h/ssl_eof_test.py", line 11, in <module>
    ssock = ctx.wrap_socket(sock, server_hostname=HOST)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nyuszika7h/.pyenv/versions/3.11-dev/lib/python3.11/ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nyuszika7h/.pyenv/versions/3.11-dev/lib/python3.11/ssl.py", line 1075, in _create
    self.do_handshake()
    ^^^^^^^^^^^^^^^^^^^
  File "/home/nyuszika7h/.pyenv/versions/3.11-dev/lib/python3.11/ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:998)
```


System information:

```
❯ uname -a
Linux cadoth 5.10.0-8-amd64 #1 SMP Debian 5.10.46-5 (2021-09-23) x86_64 GNU/Linux

❯ lsb_release -d
Description:    Debian GNU/Linux 11 (bullseye)

❯ openssl version
OpenSSL 1.1.1k  25 Mar 2021

❯ python3.9 -VV
Python 3.9.2 (default, Feb 28 2021, 17:03:44) 
[GCC 10.2.1 20210110]

❯ python3.10 -VV
Python 3.10.0 (default, Oct  5 2021, 00:24:29) [GCC 10.2.1 20210110]

❯ python3.11 -VV
Python 3.11.0a1+ (heads/main:547d26aa08, Oct 15 2021, 17:35:52) [GCC 10.2.1 20210110]

❯ python3.9 -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.1.1k  25 Mar 2021

❯ python3.10 -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.1.1k  25 Mar 2021

❯ python3.11 -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.1.1k  25 Mar 2021
```
msg404034 - Author: alexia Date: 2021-10-15 15:42
Note that the same happens with pyenv-compiled Python 3.9.7 (same way as I compiled 3.10 and 3.11), to rule out issues with different installation methods:

```
❯ python3.9 -VV
Python 3.9.7 (default, Oct  8 2021, 10:30:22) 
[GCC 10.2.1 20210110]
```
msg404035 - Author: alexia Date: 2021-10-15 15:43
Sorry, I mean it works fine with Python 3.9.2 from apt as well as Python 3.9.7 from pyenv. But 3.10.0 and 3.11-dev from pyenv are broken.
msg404799 - Author: alexia Date: 2021-10-22 17:24
Never mind, I found the root cause after some debugging. Adding AES256-GCM-SHA384 to the cipher string resolved the issue.

And now I see that the release notes say this:

> The ssl module now has more secure default settings. Ciphers without forward secrecy or SHA-1 MAC are disabled by default. Security level 2 prohibits weak RSA, DH, and ECC keys with less than 112 bits of security. SSLContext defaults to minimum protocol version TLS 1.2. Settings are based on Hynek Schlawack’s research. (Contributed by Christian Heimes in bpo-43998.)
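
The diagnosis in msg404799, as an added example that is not part of the original thread or of CPython: it checks offline whether a context enables the cipher alexia names, and builds a context that appends only that suite to the Python defaults. The helper names are hypothetical, and because the suite uses static RSA key exchange (no forward secrecy), such a context belongs on the one legacy host rather than as a process-wide default.

```python
import ssl

# Cipher named in msg404799: TLS 1.2, static RSA key exchange, no forward secrecy.
LEGACY_CIPHER = "AES256-GCM-SHA384"


def offered(ctx):
    """Names of the cipher suites enabled on this context."""
    return {c["name"] for c in ctx.get_ciphers()}


def without_forward_secrecy(ctx):
    """Enabled suites that use static RSA key exchange (kea == 'kx-rsa')."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-rsa")


def context_with_legacy_cipher(extra=LEGACY_CIPHER):
    """Default context plus one extra TLS 1.2 suite, appended at lowest preference.

    Hypothetical helper: certificate and hostname verification, the minimum
    protocol version and the security level all stay at their defaults.
    """
    ctx = ssl.create_default_context()
    # TLS 1.3 suites are configured separately by OpenSSL and are left untouched.
    tls12 = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    if extra not in tls12:
        tls12.append(extra)
    ctx.set_ciphers(":".join(tls12))
    return ctx


if __name__ == "__main__":
    default = ssl.create_default_context()
    print(ssl.OPENSSL_VERSION)
    # False on a stock Python 3.10+ build, which explains the handshake EOF
    # against a server that accepts only this suite.
    print("default enables", LEGACY_CIPHER, "->", LEGACY_CIPHER in offered(default))
    scoped = context_with_legacy_cipher()
    print("non-forward-secret suites in scoped context:", without_forward_secrecy(scoped))
```
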

History

| Date | User | Action | Args |
| --- | --- | --- | --- |
| 2022-04-11 14:59:51 | admin | set | github: 89650 |
| 2021-10-22 17:24:17 | alexia | set | status: open -> closed; resolution: not a bug; messages: + msg404799; stage: resolved |
| 2021-10-15 15:43:39 | alexia | set | messages: + msg404035 |
| 2021-10-15 15:42:40 | alexia | set | messages: + msg404034 |
| 2021-10-15 15:41:08 | alexia | create | |