[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Donald Stufft donald at stufft.io
Sun Mar 23 00:57:55 CET 2014


They detect whether ssl has SSLContext and use it if it's available.

> On Mar 22, 2014, at 7:54 PM, Paul Moore <p.f.moore at gmail.com> wrote:
> 
>> On 22 March 2014 23:49, Donald Stufft <donald at stufft.io> wrote:
>> In the case of requests they already have an optional dependency on
>> pyopenssl. It's just many people either don't know they should use it, are
>> unable to use it, or unwilling to use the python packaging tool chain
>> because of its current flaws.
> 
> Do they use the new features in the Python 3.x ssl module when it's
> available to give the same level of security as having pyopenssl
> would, or do they use a "lowest common denominator" (i.e., 2.x
> compatible) level of security when using the stdlib? If the latter,
> that would be very, very sad.
> 
> Paul

