[Python-Dev] Supported versions of OpenSSL

Christian Heimes christian at python.org
Mon Aug 29 17:20:32 EDT 2016


On 2016-08-29 23:00, Gregory P. Smith wrote:
> 
> Given that you already said:
> 
> """
> For 3.6 I don't require any 1.0.2 feature yet. The 1.1.0 patch keeps
> code compatible with 0.9.8zc to 1.1.0. But as soon as I use new
> features, the ssl module will no longer be source and build compatible
> with < 1.0.2. There is also the point of OpenSSL 1.0.1. It reaches
> end-of-lifetime by the end of this year. 1.0.2 will be supported until 2019.
> 
> I'm tempted to require 1.0.2 for Python 3.6 but it's technically not
> necessary yet.
> """
> 
> That to me means we should keep support for 1.0.1 in Python 3.6 unless
> there are features in 1.0.2 that you find are an absolute must have
> within the next two weeks. We're going to be entering 3.6beta on
> September 12th and current stable distros do not ship with a more recent
> version so let's not make the lives of our developers and buildbot
> maintainers hell by forcing them to install a special version.
> 
> Let's make 3.7 require a higher version. The common OSS OS distros of its
> time will be better prepared.

My multissl test script allows me to compile and test _ssl.c and
_hashopenssl.c with multiple versions of OpenSSL and LibreSSL in less
than a minute. For 3.6 I have verified source compatibility with 0.9.8zc
(maybe even older) up to 1.1.0.

My argument with MAL is about future features for 3.7. I'm not planning
to require 1.0.2 APIs for 3.6 yet. This may change in case new security
issues are found. I might clean up the ssl module and require 0.9.8zc+
during beta, though.

Christian




