[Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7 (original) (raw)

M.-A. Lemburg mal at egenix.com
Mon Mar 24 10:10:18 CET 2014

On 23.03.2014 08:07, Nick Coghlan wrote:

Open Questions ==============

* What are the risks associated with allowing OpenSSL to be updated to new feature versions in the Windows and Mac OS X binary installers for maintenance releases? Currently we just upgrade to the appropriate OpenSSL maintenance releases, rather than switching to the latest feature release. In particular, is it possible Windows C extensions may be linking against the Python provided OpenSSL module?

Python's _ssl/_hashlib modules link statically against OpenSSL in Python 2.7, so the OpenSSL DLLs are not exposed to other extensions.

The OpenSSL version used for 2.7.6 is 0.9.8y.

Upgrading to 1.0.0 or 1.0.1 will likely need a few minor tweaks, but not cause general breakage - at least that's my experience with the egenix-pyopenssl distribution.

-- Marc-Andre Lemburg eGenix.com

Professional Python Services directly from the Source (#1, Mar 24 2014)

Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/

2014-03-29: PythonCamp 2014, Cologne, Germany ... 5 days to go 2014-04-09: PyCon 2014, Montreal, Canada ... 16 days to go 2014-04-29: Python Meeting Duesseldorf ... 36 days to go

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/

More information about the Python-Dev mailing list