Messaging applications using the Proton Python API to provision an SSL/TLS encrypted TCP connection may actually instantiate a non-encrypted connection without notice if SSL support is unavailable. This will result in all messages being sent in the clear without the knowledge of the user. Apache Qpid Proton python API versions starting at 0.9 and up to 0.12.0 are affected.