Python's SSL state has been worse than other languages because of the 2.x -> 3.x transition, so basically 2.7 was left broken for longer than ideal. Eventually, they decided to backport most of the network security improvements (http://legacy.python.org/dev/peps/pep-0466/), see there the timeline.

Notice that this applies to the standard library; many people use the requests library which not only offers a superior API but also more security by default.