Message 274726 - Python tracker

> FWIW the cipher list (at least the restricted ones for
> ssl.create_default_context()) is explicitly documented
> as being able to be changed at any time without prior deprecation

Yes.  To be specific:  "The protocol, options, cipher and other settings may change to more restrictive values anytime without prior deprecation."

https://docs.python.org/3/library/ssl.html#ssl.create_default_context

I've seen no documentation suggesting that we can add new ciphers at any time.