[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 (original) (raw)
Wes Turner wes.turner at gmail.com
Tue Jan 16 06:28:20 EST 2018
- Previous message (by thread): [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
- Next message (by thread): [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tuesday, January 16, 2018, Steve Dower <steve.dower at python.org> wrote:
From my perspective, we can’t keep an OpenSSL-like API and use Windows platform libraries (we could do a requests-like API easily enough, but even urllib3 is painfully low-level).
Support for Windows SChannel and Apple SecureTransport is part of the TLS module.
IDK how far along that work is (whether it'll be ready for 3.7 beta 1)? Or where those volunteering to help with the TLS module can send PRs?
https://github.com/python/peps/blob/master/pep-0543.rst
https://www.python.org/dev/peps/pep-0543/
http://markmail.org/search/?q=list%3Aorg.python+PEP+543+TLS
https://www.python.org/dev/peps/pep-0543/#interfaces
We have to continue shipping our own copy of OpenSSL on Windows. Nothing to negotiate here except whether OpenSSL releases should trigger a Python release, and I think that decision can stay with the RM.
Good luck solving macOS :o) Cheers, Steve Top-posted from my Windows phone *From: *Stephen J. Turnbull <turnbull.stephen.fw at u.tsukuba.ac.jp> *Sent: *Tuesday, January 16, 2018 17:45 *To: *Matt Billenstein <matt at vazor.com> *Cc: *Christian Heimes <christian at python.org>; python-dev at python.org *Subject: *Re: [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >=2.5.3 Matt Billenstein writes: > In my mind it becomes easier to bundle deps in a binary installer > across the board (Linux, OSX, Windows) rather than rely on whatever > version the operating system provides. Thing is, as Christian points out, TLS is a rapidly moving target. Every Mac OS or iOS update seems to link to a dozen CVEs for TLS support. We can go there if we have to, but it's often hard to go back when vendor support catches up to something reasonable. I think this is something for Ned and Christian and Steve to negotiate, since they're the ones who are most aware of the tradeoffs and bear the costs.
Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/ steve.dower%40python.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20180116/ab058f21/attachment.html>
- Previous message (by thread): [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
- Next message (by thread): [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]