Pre-PEP discussion: revival of PEP 543 - A Unified TLS API for Python

It is a nasty surprise that truststore=None means “use the system trust store” client-side and “disable client authentication” server-side; nothing is written in that regard in the PEP, only in the docstrings of tlslib. It means that, client-side, setting truststore=None and truststore=TrustStore.system() are two ways to achieve the same thing. IMO the default value should be the latter, and None not supported.

I assumed truststore=None to mean “disable server authentication”. I am now reading about the insecure section; I understand the will to make it extra difficult to instantiate an insecure configuration by accident.