By the time Python 3.10 will be generally available, Long-term support (LTS) and enterprise distributions have older versions of Linux distributions ship with OpenSSL 1.1.1 as well. Installer and alternative distributions like Conda ship with most recentĪs of October 2020 and according to DistroWatch most current BSD and No macOS and Windows user will be affected by the deprecation. OpenSSL 1.1.1 is the default variant and version of OpenSSL on almost all New features and consistent behavior, ultimately resulting in a more robust Users would be able to rely on the presence of Requiring OpenSSL 1.1.1 would allow us to give the vast majority of users aīetter experience, reduce our maintenance overhead and thus free resources On the other hand, the Python core team has onlyĪ couple of domain experts who are familiar with TLS and OpenSSL internalsĪnd even fewer who are active maintainers. Multiple incompatible APIs there are build time flags,ĭistribution-specific patches, and local crypto-policy settings that add to Multiple versions and forks as well as test and verify correctness. With some missing features and broken tests.ĭue to limited resources and time it becomes increasingly hard to support For the most part Python also works with LibreSSL >= 2.7.1 ![]() Forks like LibreSSL and BoringSSL have diverged in differentĬurrently Python versions 3.6 to 3.9 are compatible with OpenSSL 1.0.2,ġ.1.0, and 1.1.1. Reorganization that moves cryptographic algorithms out of the core and into Version 3.0.0 will deprecate more APIs due to internal Internal structs opaque and introduced new APIs that replace direct access of Introduced new APIs to verify and match hostnames. Over time OpenSSL’s public API has evolved and changed. Any bug in the ssl module’sīindings to OpenSSL can lead to a severe security issue. Module to securely download packages from PyPI. To implement secure variants of internet protocols. Standard library modules like urllib and 3rd party modules like urllib3 Stack including handling of X.509 certificates. Provides fast implementations of cryptographic primitives and a full TLS ![]() Python makes use of OpenSSL in hashlib, hmac, and ssl modules. Incompatible forks, and other TLS libraries are dropped. Support for OpenSSL versions past end-of-lifetime, This PEP proposes for CPython’s standard library to support only OpenSSLġ.1.1 LTS or newer. Toggle light / dark / auto colour theme PEP 644 – Require OpenSSL 1.1.1 or newer Author : Christian Heimes Discussions-To : Discourse thread Status : Final Type : Standards Track Created : 2 Python-Version : 3.10 Post-History : 2, 0, 1, 1 Resolution : Python-Dev message PEP 644 – Require OpenSSL 1.1.1 or newer | Following system colour scheme Selected dark colour scheme Selected light colour scheme Python Enhancement Proposals
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |