We should expose SSL contexts at the Python level, and rework SSL sockets to use those objects internally (rather than creating their own private context).
It would allow to:
- specify the various options iteratively, rather than having to dump them all in the wrap_socket() arguments
- add methods to query information about the current options, key/cert, etc.
- solve issue3823 (you can build the context first, passing it the key/cert info, then drop privileges before creating any sockets)
- more easily share and reuse configuration information
- possibly add more powerful functionality such as sessions

The way I see it, the existing wrap_socket() module-level function would be kept for compatibility; context objects would expose their own wrap_socket() method, without all the arguments of course.