I like better security but let's be honest it's a smokescreen. Python can migrate to a non-PCI CDN if _really_ needed. It is more an excuse (and a good one, I like how it sounds if I will have to tell it to my boss – we use Python 3 anyway, so it's unlikely).
I was also surprised not to find this on the page. As I understand, it will vary not only across Python versions but also on systems where it's installed. A lot of fun is about to come, I think (especially from RHEL 6 where people are stuck with Python 2.6).
I have no particular knowledge about this, but I just tried with a python2.6 (from one of Amazon's EC2 images) and it seemed to work:
$ /usr/bin/python26
Python 2.6.9 (unknown, Dec 17 2015, 01:08:55)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import json, urllib2
>>> json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']
u'TLS 1.2'
Uh, but it does have a "bad" rating for other reasons (looks like it supports some insecure cypher suites).
And large parts of the Python community are offering their software for free. Without that software, there would be no need for a CDN or the PSF with all its "directors".
The software on the other hand would do quite well without a lot of organizations that do peripheral work and take the credit.
I don't understand why fastly would have to turn off TLS 1.1 and older for everyone. The other CDNs out there are PCI compliant and still offer TLS 1.0 and even SSLv3 about a year ago.
I was also surprised not to find this on the page. As I understand, it will vary not only across Python versions but also on systems where it's installed. A lot of fun is about to come, I think (especially from RHEL 6 where people are stuck with Python 2.6).