ssl_options should not be used anymore to configure ssl. ssl_context should be used.
Before 3.17.0, the ssl was enabled by passing some ssl_options and wrapping the socket directly in the connection factory. Unfortunately.. this is the old way to do things and has some limitations. e.g loading a key in memory or using an encrypted key that requires a password.
For this purpose, we introduced the ability to specify directly the SSLContext to use. With this, everything about ssl is defered to Python itself, and not the driver.
Recommended way to create the SSLContext: https://docs.python.org/3/library/ssl.html#ssl.create_default_context