In Python’s case, the fixes amounted to backporting 3.4’s “ssl” module into 2.7.9, turning off SSLv3 by default, and enabling HTTPS certificate validation by default.