[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Antoine Pitrou solipsis at pitrou.net
Thu Jun 1 06:01:31 EDT 2017


On Thu, 1 Jun 2017 19:50:22 +1000
Chris Angelico <rosuav at gmail.com> wrote:
> On Thu, Jun 1, 2017 at 7:23 PM, Antoine Pitrou <antoine at python.org> wrote:
> >> Do you also disagree on the need of the need of the PEP 546
> >> (backport) to make the PEP 543 (new TLS API) feasible in practice?  
> >
> > Yes, I disagree.  We needn't backport that new API to Python 2.7.
> > Perhaps it's time to be reasonable: Python 2.7 has been in bugfix-only
> > mode for a very long time.  Python 3.6 is out.  We should move on.  
> 
> But it is in *security fix* mode for at least another three years
> (ish). Proper use of TLS certificates is a security question.

Why are you bringing "proper use of TLS certificates"?  Python 2.7
doesn't need another backport for that.  The certifi package is
available for Python 2.7 and can be integrated simply with the existing
ssl module.

Regards

Antoine.




More information about the Python-Dev mailing list