Aiven-Open · dogukancagatay · Mar 10, 2026
diff --git a/journalpump/rsyslog.py b/journalpump/rsyslog.py
@@ -108,11 +108,8 @@
         if protocol is None:
             protocol = "PLAINTEXT"
         if cacerts is not None or protocol == "SSL":
-            self.ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+            self.ssl_context = ssl.create_default_context(cafile=cacerts)
             self.ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
-            self.ssl_context.verify_mode = ssl.CERT_REQUIRED
-            if cacerts:
-                self.ssl_context.load_verify_locations(cacerts)
             if certfile:
                 self.ssl_context.load_cert_chain(certfile, keyfile)
 
@@ -131,7 +128,7 @@
                        self.socket = self.ssl_context.wrap_socket(self.socket, server_hostname=self.server)
                    self.socket.connect(sock_addr)
                    return
                except Exception as ex:  # pylint: disable=broad-except
                    if self.socket is not None:
                        self.socket.close()
                    last_connection_error = ex