[Thomas Heller]

For the 2.3.1 Windows binaries, I've followed the instructions in PCBuild\readme.txt and downloaded the sources for the additional packages. I have

bzip2-1.0.2.tar.gz db-4.1.25.NC.zip tcl843-src.zip tk843-src.zip openssl-0.9.7b.tar.gz

and zlib-1.1.4.

All these versions are exactly those the readme file mentions, with the exception of openssl. Quote from the PCBuild\readme.txt:

Get the latest source code for OpenSSL from http://www.openssl.org

You (probably) don't want the "engine" code. For example, get openssl-0.9.6g.tar.gz not openssl-engine-0.9.6g.tar.gz

Unpack into the "dist" directory, retaining the folder name from the archive - for example, the latest stable OpenSSL will install as dist/openssl-0.9.6g

You can (theoretically) use any version of OpenSSL you like - the build process will automatically select the latest version.

Is it important to use the same openssl version that Python 2.3.0 used, or is the readme file correct in saying that the latest version is the one to use?

Nobody knows, because nobody (AFAIK) has ever tried building the Windows Python with an OpenSSL release other than the one mentioned in README.txt. Try it and see whether it works? That would be a happier suggestion if the Python test suite exercised more of the SSL code.

And does this have to be mentioned somewhere (Misc/NEWS, the readme file for windows)?

PCbuild\readme.txt in a given release is intended to describe exactly how that release was built, in detail sufficient so that someone other than the person who built the release stands a good chance of reproducing the whole bit. I've also added a NEWS entry when moving to a different release of any of the 3rd-party packages. That's just full disclosure <wink>.