bpo-34009: Expand on platform support changes (GH-8022) · python/cpython@5fe7c98 (original) (raw)

`@@ -1304,8 +1304,8 @@ Host name validation can be customized with

`

1304

1304

`.. note::

`

1305

1305

` The improved host name check requires a libssl implementation compatible

`

1306

1306

` with OpenSSL 1.0.2 or 1.1. Consequently, OpenSSL 0.9.8 and 1.0.1 are no

`

1307

``

`-

longer supported. The ssl module is mostly compatible with LibreSSL 2.7.2

`

1308

``

`-

and newer.

`

``

1307

`` +

longer supported (see :ref:37-platform-support-removals for more details).

``

``

1308

`+

The ssl module is mostly compatible with LibreSSL 2.7.2 and newer.

`

1309

1309

``

1310

1310

``` The ssl module no longer sends IP addresses in SNI TLS extension.

`1311`

`1311`

`` (Contributed by Christian Heimes in :issue:`32185`.)

``

`` @@ -2069,10 +2069,33 @@ or higher. (Contributed by Serhiy Storchaka in :issue:`27867`.)

``

`2069`

`2069`

`` (Contributed by Antoine Pitrou in :issue:`16500`.)

``

`2070`

`2070`

``

`2071`

`2071`

``

``

`2072`

`+

.. _37-platform-support-removals:

`

``

`2073`

`+`

`2072`

`2074`

`Platform Support Removals

`

`2073`

`2075`

`=========================

`

`2074`

`2076`

``

`2075`

``

`-

FreeBSD 9 and older are no longer officially supported.

`

``

`2077`

`+

* FreeBSD 9 and older are no longer officially supported.

`

``

`2078`

`+

* For full Unicode support, including within extension modules, \*nix platforms

`

``

`2079`

``` +

are now expected to provide at least one of ``C.UTF-8`` (full locale),

``

2080

 ``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an

``

2081

 alternative to the legacy ``ASCII``-based ``C`` locale.

``

2082

`+

• OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building CPython

`

``

2083

`+

3.7 with SSL/TLS support on older platforms still using these versions

`

``

2084

`+

requires custom build options that link to a more recent version of OpenSSL.

`

``

2085

+

``

2086

`+

Notably, this issue affects the Debian 8 (aka "jessie") and Ubuntu 14.04

`

``

2087

`+

(aka "Trusty") LTS Linux distributions, as they still use OpenSSL 1.0.1 by

`

``

2088

`+

default.

`

``

2089

+

``

2090

`+

Debian 9 ("stretch") and Ubuntu 16.04 ("xenial"), as well as recent releases

`

``

2091

`+

of other LTS Linux releases (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL

`

``

2092

`+

1.0.2 or later, and remain supported in the default build configuration.

`

``

2093

+

``

2094

`` +

CPython's own :source:CI configuration file <.travis.yml> provides an

``

``

2095

`+

example of using the SSL

`

``

2096

`` +

:source:compatibility testing infrastructure <Tools/ssl/multissltests.py> in

``

``

2097

`+

CPython's test suite to build and link against OpenSSL 1.1.0 rather than an

`

``

2098

`+

outdated system provided OpenSSL.

`

2076

2099

``

2077

2100

``

2078

2101

`API and Feature Removals

`