[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3

Terry Reedy tjreedy at udel.edu
Sun Jan 14 03:23:01 EST 2018


On 1/13/2018 3:02 PM, Brett Cannon wrote:
> 
> 
> On Sat, Jan 13, 2018, 05:24 Antoine Pitrou, <solipsis at pitrou.net 
> <mailto:solipsis at pitrou.net>> wrote:
> 
>     On Sat, 13 Jan 2018 13:54:33 +0100
>     Christian Heimes <christian at python.org
>     <mailto:christian at python.org>> wrote:
>      >
>      > If we agree to drop support for OpenSSL 0.9.8 and 1.0.1, then I
>     can land
>      > bunch of useful goodies like proper hostname verification [2], proper
>      > fix for IP address in SNI TLS header [3], PEP 543 compatible
>     Certificate
>      > and PrivateKey types (support loading certs and keys from file and
>      > memory) [4], and simplified cipher suite configuration [5]. I can
>      > finally clean up _ssl.c during the beta phase, too.
> 
>     Given the annoyance of supporting old OpenSSL versions, I'd say +1 to
>     this.
> 
> 
> +1 from me as well for the improved security.

FWIW, given that I will not be doing any of the work, +1 from me also.

-- 
Terry Jan Reedy



More information about the Python-Dev mailing list