Remove the check for PROTOCOL_SSLv23

PROTOCOL_SSLv23 is a constant (admittedly poorly named) that will always
negotiate the highest protocol version that both the client and server
support. It will, for example, negotiate TLSv1.2 if both client and
server can use it. Calling it out as "insecure" is patently wrong.

Change-Id: Ie4f16bee35e7e8be2c6e55e28384d2c6c554d249

bandit.yaml

@@ -90,7 +90,6 @@ hardcoded_password:
 ssl_with_bad_version:
     bad_protocol_versions:
         - 'PROTOCOL_SSLv2'
-        - 'PROTOCOL_SSLv23'
         - 'SSLv2_METHOD'
         - 'SSLv23_METHOD'
         - 'PROTOCOL_SSLv3'  # strict option

examples/ssl-insecure-version.py

@@ -2,12 +2,10 @@ import ssl
 from pyOpenSSL import SSL
 
 ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2)
-ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv23)
 SSL.Context(method=SSL.SSLv2_METHOD)
 SSL.Context(method=SSL.SSLv23_METHOD)
 
 herp_derp(ssl_version=ssl.PROTOCOL_SSLv2)
-herp_derp(ssl_version=ssl.PROTOCOL_SSLv23)
 herp_derp(method=SSL.SSLv2_METHOD)
 herp_derp(method=SSL.SSLv23_METHOD)
 
@@ -27,9 +25,6 @@ ssl.wrap_socket()
 def open_ssl_socket(version=ssl.PROTOCOL_SSLv2):
     pass
 
-def open_ssl_socket(version=ssl.PROTOCOL_SSLv23):
-    pass
-
 def open_ssl_socket(version=SSL.SSLv2_METHOD):
     pass
 

tests/test_functional.py

@@ -190,7 +190,7 @@ class FunctionalTests(unittest.TestCase):
     def test_ssl_insecure_version(self):
         path = os.path.join(os.getcwd(), 'examples', 'ssl-insecure-version.py')
         self.b_mgr.run_scope([path])
-        self.assertEqual(self.b_mgr.scores[0], 141)
+        self.assertEqual(self.b_mgr.scores[0], 121)
 
     def test_subprocess_call_linebreaks(self):
         path = os.path.join(os.getcwd(), 'examples',