[Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

Misaki Miyashita misaki.miyashita at oracle.com
Tue Jan 26 11:05:04 EST 2016


Oracle Solaris is fine with dropping 0.9.8 support as well.

Thank you.

Regards,

Misaki Miyashita
------------------------------------------
Oracle Solaris
Principal Software Engineer

On 1/22/2016 3:58 PM, Alex Gaynor wrote:
> Hi all,
>
> I'd like to propose we deprecate support for OpenSSL 0.9.8 in our next 
> release, and remove support in the release after (we already emit 
> warnings in our current release, so this is consistent with our schedule).
>
> Rationale: OpenSSL 0.9.8 is old, does not support modern web security 
> (e.g. no TLS 1.2), and supporting it adds complexity, in the form of 
> hundreds of additional lines of code and configuration options.
>
> Supporting data: As of pip 8 (released this week, already used for 
> something like 1/3 of PyPI downloads), the user agent of pip includes 
> the system's OpenSSL version. Looking at the data (excluding Windows 
> and OS X, since on those platforms we include OpenSSL 1.0.2 in our 
> wheels). The overall distribution is:
>
>
>
> Indicating that OpenSSL 0.9.8 on Linux represents less than 1% of all 
> installations.
>
> Looking at per-package data, here are the percent of downloads using 
> OpenSSL 0.9.8 for some relevant packages:
>
> - unidecode: 7.6% (This is the package with the highest percent of 
> 0.9.8 users)
> - rsa: 3.3%
> - pyasn1: 2.2%
> - requests: 1.6%
> - pycrypto: 0.8%
> - pip: 0.6%
> - pyopenssl: 0.4%
> - letsencrypt-apache: 0.3%
> - cryptography: 0.3%
>
>
> I think these numbers are low enough that we can safely drop OpenSSL 
> 0.9.8 support.
>
> Platforms specifically known to be affected:
> - RHEL/CentOS 5 and older
> - Debian Squeeze (based on OpenSSL version, this is where most of the 
> affected users will be).
>
>
> Thoughts? Will you be affected by this?
> Alex
>
> -- 
> "I disapprove of what you say, but I will defend to the death your 
> right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
> "The people's good is the highest law." -- Cicero
> GPG Key fingerprint: 125F 5C67 DFE9 4084
