[Python-Dev] Supported versions of OpenSSL
Antoine Pitrou
solipsis at pitrou.net
Tue Aug 30 12:00:35 EDT 2016
On Sun, 28 Aug 2016 22:40:11 +0200
Christian Heimes <christian at python.org> wrote:
>
> Here is the deal for 2.7 to 3.5:
>
> 1) All versions older than 0.9.8 are completely out-of-scope and no
> longer supported.
>
> 2) 0.9.8 is semi-support. Python will still compile and work with 0.9.8.
> However we do NOT promise that is secure to run 0.9.8. We also require a
> recent version. Patch level 0.9.8zc from October 2014 is reasonable
> because it comes with SCSV fallback (CVE-2014-3566).
>
> 3) 1.0.0 is irrelevant. Users are either stuck on 0.9.8 or are able to
> upgrade to 1.0.1+. Let's not support it.
>
> 4) 1.0.1 is discouraged but still supported until its EOL.
>
> 5) 1.0.2 is the recommend version.
>
> 6) 1.1 support will be added by #26470 soon.
>
> 7) LibreSSL 2.3 is supported but with a slightly limited feature set.
Can you expand briefly how "limited" the feature set is? Does it only
disable some arcane features, so that e.g. asyncio + TLS supports works
fine?
Other than that, it all sounds good to me.
Regards
Antoine.
More information about the Python-Dev
mailing list