[Distutils] Announcement: TLSv1.2 will become mandatory in the future
Nick Coghlan
ncoghlan at gmail.com
Wed Jan 11 00:00:32 EST 2017
On 11 January 2017 at 14:04, Donald Stufft <donald at stufft.io> wrote:
> On Jan 10, 2017, at 10:59 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> (The problem with RHEL 6 is that even though the *OS* has supported
> TLS v1.2 since RHEL 6.5, *Python 2.6* doesn't properly support
> accessing them through the standard library's SSL module, since it's
> missing the features backported from 3.x by PEP 466)
>
> No, but it doesn’t matter, the version of Python doesn’t control it at all
> since we use PROTOCOL_SSLv23 which will automatically negotiate the highest
> protocol OpenSSL supports, whether Python has bound the PROTOCOL_TLSv1_X
> constant and implemented the methods for it or not. So Python 2.6 is
> perfectly capable of talking to a TLSv1.2 site (it however, is not capable
> of explicitly saying it *needs* only TLSv1.2).
>
> See:
>
> $ python2.6 -c "import urllib2,json;
> print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])"
> TLS 1.2
Ah, excellent. In that case, RHEL 6 should be fine as well, as 6.5 was
released back in 2013, and the extended update support for 6.4 ended
in March 2015.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Distutils-SIG
mailing list