diff --git a/news/4454.bugfix b/news/4454.bugfix
new file mode 100644
index 00000000000..65e1eef7965
--- /dev/null
+++ b/news/4454.bugfix
@@ -0,0 +1,2 @@
+Fallback to using SecureTransport on macOS when the linked OpenSSL is too old to
+support TLSv1.2.
diff --git a/pip/__init__.py b/pip/__init__.py
index 01b263dd218..804dfa1c43f 100755
--- a/pip/__init__.py
+++ b/pip/__init__.py
@@ -20,6 +20,25 @@
 from pip._vendor.requests.packages.urllib3.exceptions import DependencyWarning
 warnings.filterwarnings("ignore", category=DependencyWarning)  # noqa
 
+# We want to inject the use of SecureTransport as early as possible so that any
+# references or sessions or what have you are ensured to have it, however we
+# only want to do this in the case that we're running on macOS and the linked
+# OpenSSL is too old to handle TLSv1.2
+try:
+    import ssl
+except ImportError:
+    pass
+else:
+    if (sys.platform == "darwin" and
+            ssl.OPENSSL_VERSION_NUMBER < 0x1000100f):  # OpenSSL 1.0.1
+        try:
+            from pip._vendor.requests.packages.urllib3.contrib import (
+                securetransport,
+            )
+        except (ImportError, OSError):
+            pass
+        else:
+            securetransport.inject_into_urllib3()
 
 from pip.exceptions import CommandError, PipError
 from pip.utils import get_installed_distributions, get_prog