[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Cory Benfield cory at lukasa.co.uk
Thu Jun 1 06:47:31 EDT 2017


> On 1 Jun 2017, at 11:39, David Wilson <dw+python-dev at hmmz.org> wrote:
> 
> Hi Cory,
> 
> On Thu, Jun 01, 2017 at 11:22:21AM +0100, Cory Benfield wrote:
> 
>> We want to support as many TLS backends as possible.
> 
> Just a wild idea, but have you investigated a pure-Python fallback for
> 2.7 such as TLSlite? Of course the fallback need only be used during
> bootstrapping, and the solution would be compatible with every stable
> LTS Linux distribution release that was not shipping the latest and
> greatest 2.7.

I have, but discarded the idea. There are no pure-Python TLS implementations that are both feature-complete and actively maintained. Additionally, doing crypto operations in pure-Python is a bad idea, so any implementation that did crypto in Python code would be ruled out immediately (which rules out TLSLite), so I’d need what amounts to a custom library: pure-Python TLS with crypto from OpenSSL, which is not currently exposed by any Python module. Ultimately it’s just not a winner.

Cory

