[Distutils] Announcement: TLSv1.2 will become mandatory in the future

Nick Coghlan ncoghlan at gmail.com
Wed Jan 11 21:58:23 EST 2017

On 12 January 2017 at 04:26, Brett Cannon <brett at python.org> wrote:
> On Tue, 10 Jan 2017 at 12:51 Donald Stufft <donald at stufft.io> wrote:
>> [SNIP]
>> It would be really nice if we could deprecate `ssl` (which has a bunch of
>> OpenSSL specific stuff in it) and add a new `tls` module that served as an
>> implementation agnostic library that would use OpenSSL on *nix,
>> SecureTransport on macOS, and SChannel on Windows. However, in the meantime
>> there are some folks poking to see about making something pip suitable that
>> will enable us to use SecureTransport at least.
> I know both Cory Benfield and Christian Heimes brought this up briefly at
> the PyCon US 2016 language summit at the end of their SSL discussion, but I
> don't think it went anywhere because there was some other discussion that
> dominated the end of their talk (I've now tweeted at them about this
> discussion).
> I know Steve has also said he would love to see an agnostic TLS library so
> that Windows' built-in libraries for this stuff could be directly used. With
> the predicament this is going to put us in I think it makes it very prudent
> to create a tls module for the stdlib.

Logistically, something I think we should explore for such a module is
using the same ensuretls/tls split that we did for ensurepip/pip. That
way it can be more readily updated in line with the evolution of
network security standards and operating system cryptographic APIs,
rather than being locked into being updated in line with the evolution
of the Python language definition.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
