On Jan 10, 2017, at 15:07, Ronald Oussoren <ronaldousso...@mac.com> wrote: >> On 10 Jan 2017, at 21:02, Donald Stufft <don...@stufft.io> wrote: >>> On Jan 10, 2017, at 3:01 PM, Ronald Oussoren <ronaldousso...@mac.com> wrote: >>>> On 10 Jan 2017, at 14:24, Donald Stufft <don...@stufft.io> wrote: >>>> […] Past that, macOS is going to be the >>>> largest casualty since their system Python does not support TLSv1.2 yet in >>>> any >>>> version of their OS. >>> Not just the system Python on OSX, this also affects all Python.org >>> installers for OSX except 3.6. The 3.6 installer is the first one that >>> doesn’t use the system installation of OpenSSL.
That's not quite accurate. The 32-bit-only macOS python.org installers for recent 2.7.x and 3.x releases are also linked with a private current set of OpenSSL libraries. For 3.6, we no longer supply the 32-bit-only installer and the 64-bit/32-bit installer is now linked with the private OpenSSL as you note. >>> Annoyingly with OpenSSL on OSX you have to options: either use an >>> up-to-date release or have OpenSSL use the system CA trust store, but not >>> both. Sigh… It would be nice if someone would do the work to figure out whether it is feasible to use Apple's own Crypto and TLS API's as apparently libcurl does. >>> I have no idea how may users use the Python.org installers on OSX, but this >>> has the potential to affect a largish number of users on OSX including >>> newbies (but far from all users on OSX, there’s also a sizeable population >>> using Homebrew or Anaconda). And MacPorts. I don't know about Anaconda but the other two already use their own private versions of OpenSSL AFAIK. -- Ned Deily n...@python.org -- [] _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig