[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
Antoine Pitrou
solipsis at pitrou.net
Sat Jan 13 08:23:19 EST 2018
On Sat, 13 Jan 2018 13:54:33 +0100
Christian Heimes <christian at python.org> wrote:
>
> If we agree to drop support for OpenSSL 0.9.8 and 1.0.1, then I can land
> bunch of useful goodies like proper hostname verification [2], proper
> fix for IP address in SNI TLS header [3], PEP 543 compatible Certificate
> and PrivateKey types (support loading certs and keys from file and
> memory) [4], and simplified cipher suite configuration [5]. I can
> finally clean up _ssl.c during the beta phase, too.
Given the annoyance of supporting old OpenSSL versions, I'd say +1 to
this.
We'll have to deal with the complaints of users of Debian oldstable,
CentOS 6 and RHEL 6, though.
Regards
Antoine.
More information about the Python-Dev
mailing list