[Python-Dev] Supported versions of OpenSSL (original) (raw)
Benjamin Peterson benjamin at python.org
Sun Aug 28 19:06:37 EDT 2016
- Previous message (by thread): [Python-Dev] Supported versions of OpenSSL
- Next message (by thread): [Python-Dev] Supported versions of OpenSSL
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, Aug 28, 2016, at 13:40, Christian Heimes wrote:
Here is the deal for 2.7 to 3.5:
1) All versions older than 0.9.8 are completely out-of-scope and no longer supported.
+1
2) 0.9.8 is semi-support. Python will still compile and work with 0.9.8. However we do NOT promise that is secure to run 0.9.8. We also require a recent version. Patch level 0.9.8zc from October 2014 is reasonable because it comes with SCSV fallback (CVE-2014-3566).
I think we should support 0.9.8 for 2.7 and drop it for 3.6.
3) 1.0.0 is irrelevant. Users are either stuck on 0.9.8 or are able to upgrade to 1.0.1+. Let's not support it. 4) 1.0.1 is discouraged but still supported until its EOL. 5) 1.0.2 is the recommend version. 6) 1.1 support will be added by #26470 soon.
Thanks for writing this patch!
- Previous message (by thread): [Python-Dev] Supported versions of OpenSSL
- Next message (by thread): [Python-Dev] Supported versions of OpenSSL
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]