[Distutils] Announcement: TLSv1.2 will become mandatory in the future

Nick Coghlan ncoghlan at gmail.com
Wed Jan 11 00:00:32 EST 2017

On 11 January 2017 at 14:04, Donald Stufft <donald at stufft.io> wrote:
> On Jan 10, 2017, at 10:59 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> (The problem with RHEL 6 is that even though the *OS* has supported
> TLS v1.2 since RHEL 6.5, *Python 2.6* doesn't properly support
> accessing them through the standard library's SSL module, since it's
> missing the features backported from 3.x by PEP 466)
> No, but it doesn’t matter, the version of Python doesn’t control it at all
> since we use PROTOCOL_SSLv23 which will automatically negotiate the highest
> protocol OpenSSL supports, whether Python has bound the PROTOCOL_TLSv1_X
> constant and implemented the methods for it or not. So Python 2.6 is
> perfectly capable of talking to a TLSv1.2 site (it however, is not capable
> of explicitly saying it *needs*  only TLSv1.2).
> See:
> $ python2.6 -c "import urllib2,json;
> print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])"
> TLS 1.2

Ah, excellent. In that case, RHEL 6 should be fine as well, as 6.5 was
released back in 2013, and the extended update support for 6.4 ended
in March 2015.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Distutils-SIG mailing list