On 10 January 2017 at 23:24, Donald Stufft <don...@stufft.io> wrote: > Looking at the download numbers, the absolute largest driver of TLSv1.0 and > TLSv1.1 traffic to PyPI are old versions of pip or other clients where I > cannot > tell the OS that they are being run on.
Can you tell the Python version they're running even with older clients? I just checked the exact dates/versions where TLS v1.2 was properly enabled in the various versions of Python that Red Hat ships, and this change should be fine for: * RHEL/CentOS 7.2+ (PEP 466 backport released November 2015) * Red Hat Software Collections 2.2+ (PEP 466 backport released May 2016) However, folks currently using the system Python 2.6 installation in RHEL/CentOS 6 are going to need to upgrade to Python 2.7 somehow, whether that's by: - upgrading to RHEL/CentOS 7 - doing a parallel install via RHSCL/softwarecollections.org - doing a parallel install via ius.io (The problem with RHEL 6 is that even though the *OS* has supported TLS v1.2 since RHEL 6.5, *Python 2.6* doesn't properly support accessing them through the standard library's SSL module, since it's missing the features backported from 3.x by PEP 466) Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig