[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

Alex Gaynor alex.gaynor at gmail.com
Wed Mar 26 00:47:38 CET 2014

At this I think this PEP has become a little too vague and abstract, and I
think we'd probably be better served by getting more concrete:


Some of Python 2's modules which are fundamentally necessary for interop with
the broader internet, and the security thereof, are missing really important

Right now Python 2 has a policy of getting absolutely new features.


We're going to ignore that policy for a couple of pretty important features to
that end.

Here's my proposed list of such featuers:

* hmac
    * constant_time_compare
* os
    * Persisant FD for os.urandom()
* ssl
    * SNI
    * SSLContext
    * A giant suite of constants from OpenSSL
    * The functions for checking a hostname against a certificate
    * The functions for finding the platform's certificate store


More information about the Python-Dev mailing list