[Pythonmac-SIG] apple-Python and TLS 1.0

Ronald Oussoren ronaldoussoren at mac.com
Tue Jan 10 14:54:08 EST 2017


> On 10 Jan 2017, at 20:43, Ronald Oussoren <ronaldoussoren at mac.com> wrote:
> 
> 
>> On 10 Jan 2017, at 17:05, Jack Jansen <Jack.Jansen at cwi.nl> wrote:
>> 
>> I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate until now, but just now the following post came in on python-announce, which seems to suggest that TLS 1.0 is really about to be phased out: https://mail.python.org/pipermail/python-announce-list/2017-January/011437.html
>> 
>> I think Python 2.7 older than 2.7.13 (i.e. including the apple-shipped Pythons) don’t support TLS 1.2 by default, which would seem to suggest that things like pip will stop working as of this summer.
>> 
>> Or am I overreacting?
> 
> You are not. Annoyingly Donald Stufft already noticed that Apple’s Python is problematic, but breaking for users on a major OS is apparently not a problem :-(

Breaking Python tools is probably not really on Fastly’s radar and not something that the PyPI folks can easily avoid.

> 
> This shouldn’t be a problem for most serious development as those users likely use a separate python installation anyway, but this will affect casual users including at least some new users. 

BTW. This doesn’t just break /usr/bin/python but also the Python.org <http://python.org/> installation of 2.7 (including 2.7.13), and likely any Python.org <http://python.org/> install except 3.6 as all installers up to 3.6 use the system OpenSSL that doesn’t support anything beyond TLS 1.0.

Ronald
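
Added example, not part of the original message: one way to check whether a given Python installation is affected, by classifying the SSL library its `ssl` module is linked against. It assumes TLS 1.2 requires OpenSSL 1.0.1 or later (or any LibreSSL); the function names and the sample banners are constructed for illustration.

```python
from __future__ import print_function  # also runs on the Python 2.7 builds discussed here
import re
import ssl

# TLS 1.2 first shipped in OpenSSL 1.0.1; 0.9.8 and 1.0.0 builds stop at TLS 1.0.
MIN_OPENSSL_FOR_TLS12 = (1, 0, 1)


def parse_banner(banner):
    """Split e.g. 'OpenSSL 1.0.2k  26 Jan 2017' into ('OpenSSL', (1, 0, 2))."""
    m = re.match(r"(\w+)\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised SSL library banner: %r" % (banner,))
    return m.group(1), tuple(int(part) for part in m.group(2, 3, 4))


def library_supports_tls12(banner):
    """True/False for OpenSSL and LibreSSL banners, None for any other library."""
    library, version = parse_banner(banner)
    if library == "LibreSSL":
        return True  # LibreSSL forked from OpenSSL 1.0.1g, so every release has TLS 1.2
    if library == "OpenSSL":
        return version >= MIN_OPENSSL_FOR_TLS12
    return None


def interpreter_report():
    """Describe the TLS 1.2 capability of the interpreter running this script."""
    banner = ssl.OPENSSL_VERSION
    try:
        lib_ok = library_supports_tls12(banner)
    except ValueError:
        lib_ok = None
    # The constant is absent when the ssl module lacks TLS 1.2 (old Python or old OpenSSL).
    module_ok = hasattr(ssl, "PROTOCOL_TLSv1_2")
    return {"banner": banner, "library_tls12": lib_ok, "module_tls12": module_ok}


# Constructed sample banners (not captured from any particular machine).
SAMPLES = ["OpenSSL 0.9.8zh 14 Jan 2016", "OpenSSL 1.0.0t 3 Dec 2015",
           "OpenSSL 1.0.2k  26 Jan 2017", "LibreSSL 2.2.7"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-30s TLS 1.2: %s" % (sample, library_supports_tls12(sample)))
    print(interpreter_report())
```

Running it with each interpreter on the machine (for example `/usr/bin/python` and a separately installed Python) shows which of them will still be able to negotiate TLS 1.2.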
