[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3

Wes Turner wes.turner at gmail.com
Tue Jan 16 06:28:20 EST 2018


On Tuesday, January 16, 2018, Steve Dower <steve.dower at python.org> wrote:

> From my perspective, we can’t keep an OpenSSL-like API and use Windows
> platform libraries (we *could* do a requests-like API easily enough, but
> even urllib3 is painfully low-level).
>
> Support for Windows SChannel and Apple SecureTransport is part of the TLS
module.

IDK how far along that work is (whether it'll be ready for 3.7 beta 1)? Or
where those volunteering to help with the TLS module can send PRs?

https://github.com/python/peps/blob/master/pep-0543.rst

https://www.python.org/dev/peps/pep-0543/

http://markmail.org/search/?q=list%3Aorg.python+PEP+543+TLS

https://www.python.org/dev/peps/pep-0543/#interfaces

> We have to continue shipping our own copy of OpenSSL on Windows. Nothing
> to negotiate here except whether OpenSSL releases should trigger a Python
> release, and I think that decision can stay with the RM.
>
> Good luck solving macOS :o)
>
> Cheers,
> Steve
>
> Top-posted from my Windows phone
>
> *From: *Stephen J. Turnbull <turnbull.stephen.fw at u.tsukuba.ac.jp>
> *Sent: *Tuesday, January 16, 2018 17:45
> *To: *Matt Billenstein <matt at vazor.com>
> *Cc: *Christian Heimes <christian at python.org>; python-dev at python.org
> *Subject: *Re: [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 /
> LibreSSL >=2.5.3
>
> Matt Billenstein writes:
>
> > In my mind it becomes easier to bundle deps in a binary installer
> > across the board (Linux, OSX, Windows) rather than rely on whatever
> > version the operating system provides.
>
> Thing is, as Christian points out, TLS is a rapidly moving target.
> Every Mac OS or iOS update seems to link to a dozen CVEs for TLS
> support.  We can go there if we have to, but it's often hard to go
> back when vendor support catches up to something reasonable.  I think
> this is something for Ned and Christian and Steve to negotiate, since
> they're the ones who are most aware of the tradeoffs and bear the
> costs.
>