[Distutils] Announcement: TLSv1.2 will become mandatory in the future

Nick Coghlan ncoghlan at gmail.com
Tue Jan 10 22:59:43 EST 2017

On 10 January 2017 at 23:24, Donald Stufft <donald at stufft.io> wrote:
> Looking at the download numbers, the absolute largest driver of TLSv1.0 and
> TLSv1.1 traffic to PyPI are old versions of pip or other clients where I
> cannot
> tell the OS that they are being run on.

Can you tell the Python version they're running even with older clients?

I just checked the exact dates/versions where TLS v1.2 was properly
enabled in the various versions of Python that Red Hat ships, and this
change should be fine for:

* RHEL/CentOS 7.2+ (PEP 466 backport released November 2015)
* Red Hat Software Collections 2.2+ (PEP 466 backport released May 2016)

However, folks currently using the system Python 2.6 installation in
RHEL/CentOS 6 are going to need to upgrade to Python 2.7 somehow,
whether that's by:

- upgrading to RHEL/CentOS 7
- doing a parallel install via RHSCL/softwarecollections.org
- doing a parallel install via ius.io

(The problem with RHEL 6 is that even though the *OS* has supported
TLS v1.2 since RHEL 6.5, *Python 2.6* doesn't properly support
accessing them through the standard library's SSL module, since it's
missing the features backported from 3.x by PEP 466)


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Distutils-SIG mailing list