osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] OpenSSL 1.1.1 update for 3.7/3.8


Thanks, as always

On Tue, Feb 26, 2019 at 4:45 PM Christian Heimes <christian at python.org>
wrote:

> On 26/02/2019 21.31, Wes Turner wrote:
> >> IMHO it's
> > fine to ship the last 2.7 build with an OpenSSL version that was EOLed
> > just 24h earlier.
> >
> > Is this a time / cost issue or a branch policy issue?
> >
> > If someone was to back port the forthcoming 1.1.1 to 2.7 significantly
> > before the EOL date, could that be merged?
>
> My mail is about official binary Python packages for Windows and macOS.
> We stick to an OpenSSL version to guarantee maximum backwards
> compatibility within a minor release. OpenSSL 1.1.1 has TLS 1.3 support
> and prefers TLS 1.3 over TLS 1.2. There is a small change that TLS 1.3
> breaks some assumptions.
>
> Python 2.7 works mostly fine with OpenSSL 1.1.1. There are some minor
> test issues related to TLS 1.3 but nothing serious. Linux distros have
> been shipping Python 2.7 with OpenSSL 1.1.1 for a while.
>
>
> > There are all sorts of e.g. legacy academic works that'll never be
> > upgraded etc etc
>
> That topic is out of scope and has been discussed countless times.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20190226/550c41ba/attachment.html>