[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
Christian Heimes
christian at python.org
Sat Jan 13 09:49:21 EST 2018
On 2018-01-13 14:23, Antoine Pitrou wrote:
> On Sat, 13 Jan 2018 13:54:33 +0100
> Christian Heimes <christian at python.org> wrote:
>>
>> If we agree to drop support for OpenSSL 0.9.8 and 1.0.1, then I can land
>> bunch of useful goodies like proper hostname verification [2], proper
>> fix for IP address in SNI TLS header [3], PEP 543 compatible Certificate
>> and PrivateKey types (support loading certs and keys from file and
>> memory) [4], and simplified cipher suite configuration [5]. I can
>> finally clean up _ssl.c during the beta phase, too.
>
> Given the annoyance of supporting old OpenSSL versions, I'd say +1 to
> this.
>
> We'll have to deal with the complaints of users of Debian oldstable,
> CentOS 6 and RHEL 6, though.
It's more of an issue for Travis CI. The Python 3.7-dev target won't
have a functional ssl module. Travis either has to update their build
base to 16.04, provide a custom build of OpenSSL, or all packages have
to use a container. [1]
Christian
[1]
https://github.com/travis-ci/travis-ci/issues/5821#issuecomment-214452987
More information about the Python-Dev
mailing list