Comment 7 for bug 1771773

Daniel Berrange (berrange) wrote :

Oh right, I see there's two different "wrap_socket" methods, one at the module level (https://docs.python.org/2/library/ssl.html#ssl.wrap_socket) and one on the new SSLContext object (new in 2.7.9 / 3.2.0 https://docs.python.org/2/library/ssl.html#ssl.SSLContext.wrap_socket). Only the latter appears to provide a way to allow use of multiple versions, and because OpenSSL is so awesome, you can't list the protocols you want, rather you have to list the ones you don't want :-(

So on Python < 2.7.9, we would have to raise an error if the admin had requested multiple versions in nova.conf. On Python >= 2.7.9 we would have to see what they requested, and tell openssl to disable the inverse set.
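
The inversion described in the comment above, as an added example that is not part of the original comment and is not nova's code. It is written for Python 3; the version names (`tlsv1_2` and so on) and the function names are hypothetical.

```python
import ssl
import sys
import warnings

# Version names are hypothetical config values, not nova.conf's actual ones.
# OpenSSL only exposes a "disable" flag per protocol version.
DISABLE_FLAG = {
    "sslv3": ssl.OP_NO_SSLv3,
    "tlsv1": ssl.OP_NO_TLSv1,
    "tlsv1_1": ssl.OP_NO_TLSv1_1,
    "tlsv1_2": ssl.OP_NO_TLSv1_2,
    "tlsv1_3": ssl.OP_NO_TLSv1_3,
}


def disable_mask(requested, py_version=sys.version_info[:3]):
    """Return the OP_NO_* mask that leaves only `requested` versions enabled."""
    wanted = {name.strip().lower() for name in requested}
    if not wanted:
        raise ValueError("no TLS versions requested")
    unknown = wanted - set(DISABLE_FLAG)
    if unknown:
        raise ValueError("unknown TLS version(s): %s" % ", ".join(sorted(unknown)))
    if py_version < (2, 7, 9) and len(wanted) > 1:
        # No SSLContext here: module-level wrap_socket takes one version only.
        raise ValueError("multiple TLS versions need Python >= 2.7.9")
    mask = 0
    for name, flag in DISABLE_FLAG.items():
        if name not in wanted:  # disable the inverse of the requested set
            mask |= flag
    return mask


def build_server_context(requested):
    """Create a server-side SSLContext restricted to `requested` versions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with warnings.catch_warnings():
        # Python >= 3.10 flags OP_NO_* as deprecated; they still take effect.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= disable_mask(requested)
    return ctx


if __name__ == "__main__":
    ctx = build_server_context(["tlsv1_2", "tlsv1_3"])
    print("disabled:", [n for n, f in DISABLE_FLAG.items() if ctx.options & f])
```

Rejecting unknown or empty input before building the mask matters here: with an inverse list, a misspelled version name would otherwise silently disable the version the admin meant to keep.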