diff --git a/lib/createsend/utils.py b/lib/createsend/utils.py
index b7eec68..7396916 100644
--- a/lib/createsend/utils.py
+++ b/lib/createsend/utils.py
@@ -81,30 +81,23 @@ class VerifiedHTTPSConnection(HTTPSConnection):
 
     def connect(self):
         self.connection_kwargs = {}
-        # for > py2.5
-        if hasattr(self, 'timeout'):
-            self.connection_kwargs.update(timeout=self.timeout)
-
-        # for >= py2.7
-        if hasattr(self, 'source_address'):
-            self.connection_kwargs.update(source_address=self.source_address)
+        self.connection_kwargs.update(timeout=self.timeout)
+        self.connection_kwargs.update(source_address=self.source_address)
 
         sock = socket.create_connection(
             (self.host, self.port), **self.connection_kwargs)
 
-        # for >= py2.7
-        if getattr(self, '_tunnel_host', None):
-            self.sock = sock
+        if self._tunnel_host:
             self._tunnel()
 
         cert_path = os.path.join(os.path.dirname(__file__), 'cacert.pem')
 
-        context = ssl.SSLContext()
+        context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
         context.verify_mode = ssl.CERT_REQUIRED
         context.load_verify_locations(cert_path)
         if hasattr(self, 'cert_file') and hasattr(self, 'key_file') and self.cert_file and self.key_file:
             context.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
-        self.sock = context.wrap_socket(sock)
+        self.sock = context.wrap_socket(sock, server_hostname=self.host)
 
         try:
             match_hostname(self.sock.getpeercert(), self.host)