diff --git a/README.rst b/README.rst
index ff8d3f00f4c96f2e0bd14a01d50b883ae9f2d12b..cc65195bf148bf80c190c1010b453bf028c63b72 100644
--- a/README.rst
+++ b/README.rst
@@ -232,7 +232,7 @@ tls_set()
 ::
 tls_set(ca_certs=None, certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
- tls_version=ssl.PROTOCOL_TLSv1, ciphers=None)
+ tls_version=ssl.PROTOCOL_TLS, ciphers=None)
 Configure network encryption and authentication options. Enables SSL/TLS support.
@@ -246,7 +246,7 @@ cert_reqs
 defines the certificate requirements that the client imposes on the broker. By default this is ``ssl.CERT_REQUIRED``, which means that the broker must provide a certificate. See the ssl pydoc for more information on this parameter.
 tls_version
- specifies the version of the SSL/TLS protocol to be used. By default TLS v1 is used. Previous versions (all versions beginning with SSL) are possible but not recommended due to possible security problems.
+ specifies the version of the SSL/TLS protocol to be used. By default (if the python version supports it) the highest TLS version is detected. If unavailable, TLS v1 is used. Previous versions (all versions beginning with SSL) are possible but not recommended due to possible security problems.
 ciphers
 a string specifying which encryption ciphers are allowable for this connection, or ``None`` to use the defaults. See the ssl pydoc for more information.
diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py
index 85d6bac31b9e67f7286138dc4fdd9ef7412b4571..54a9983a16b6e07505b493ec4ee546e1f8d19986 100755
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -641,6 +641,9 @@ class Client(object):
 # Create SSLContext object
 if tls_version is None:
 tls_version = ssl.PROTOCOL_TLSv1
+ # If the python version supports it, use highest TLS version automatically
+ if hasattr(ssl, "PROTOCOL_TLS"):
+ tls_version = ssl.PROTOCOL_TLS
 context = ssl.SSLContext(tls_version)
 # Configure context
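Review bot: `ssl.PROTOCOL_TLS` selects version negotiation, not a minimum version, and nothing visible after `context = ssl.SSLContext(tls_version)` sets a floor, so the new default may still accept whatever old protocol version the interpreter's OpenSSL build leaves enabled. Consider adding `context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` right after the context is created (and `context.minimum_version` where the interpreter provides it), unless the part of the function after `# Configure context`, which is outside the hunk, already does this. Indentation is not visible in this rendering: the added `if hasattr(ssl, "PROTOCOL_TLS"):` needs to sit inside `if tls_version is None:`, otherwise an explicit `tls_version` passed by the caller would be overwritten. The fallback branch still pins TLS 1.0 exactly, which the comment could say: `# Older interpreters without PROTOCOL_TLS stay on TLS 1.0 only`.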
diff --git a/test/paho_test.py b/test/paho_test.py
index 99a8c1bd3af2782b431b7a64666ecb59aa8201d3..a59147c1c94b2126d58fde058f97866c01fd5e8d 100644
--- a/test/paho_test.py
+++ b/test/paho_test.py
@@ -20,12 +20,16 @@ def create_server_socket_ssl(*args, **kwargs):
 if ssl is None:
 raise RuntimeError
+ ssl_version = ssl.PROTOCOL_TLSv1
+ if hasattr(ssl, "PROTOCOL_TLS"):
+ ssl_version = ssl.PROTOCOL_TLS
+
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 ssock = ssl.wrap_socket(
 sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt",
- server_side=True, ssl_version=ssl.PROTOCOL_TLSv1, **kwargs)
+ server_side=True, ssl_version=ssl_version, **kwargs)
 ssock.settimeout(10)
 ssock.bind(('', 1888))
 ssock.listen(5)
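Review bot: The four added lines at the top of `create_server_socket_ssl` carry no comment, unlike the matching block in `client.py`, so a reader cannot tell that the test broker is meant to mirror the client's default. I would add `# Match the client default: negotiate the highest shared TLS version when ssl exposes PROTOCOL_TLS` above `ssl_version = ssl.PROTOCOL_TLSv1`. With both ends chosen by the same `hasattr` check, the suite does not appear to exercise a client and broker that disagree on protocol version; a test that passes an explicit `tls_version` against this server would cover that, if one does not already exist elsewhere. The function body continues past the end of the hunk.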