> On Jan 10, 2017, at 10:59 PM, Nick Coghlan <ncogh...@gmail.com> wrote: > > On 10 January 2017 at 23:24, Donald Stufft <don...@stufft.io> wrote: >> Looking at the download numbers, the absolute largest driver of TLSv1.0 and >> TLSv1.1 traffic to PyPI are old versions of pip or other clients where I >> cannot >> tell the OS that they are being run on. > > Can you tell the Python version they're running even with older clients? > > I just checked the exact dates/versions where TLS v1.2 was properly > enabled in the various versions of Python that Red Hat ships, and this > change should be fine for: > > * RHEL/CentOS 7.2+ (PEP 466 backport released November 2015) > * Red Hat Software Collections 2.2+ (PEP 466 backport released May 2016) > > However, folks currently using the system Python 2.6 installation in > RHEL/CentOS 6 are going to need to upgrade to Python 2.7 somehow, > whether that's by: > > - upgrading to RHEL/CentOS 7 > - doing a parallel install via RHSCL/softwarecollections.org > - doing a parallel install via ius.io > > (The problem with RHEL 6 is that even though the *OS* has supported > TLS v1.2 since RHEL 6.5, *Python 2.6* doesn't properly support > accessing them through the standard library's SSL module, since it's > missing the features backported from 3.x by PEP 466) > > Cheers, > Nick. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia
No, but it doesn’t matter, the version of Python doesn’t control it at all since we use PROTOCOL_SSLv23 which will automatically negotiate the highest protocol OpenSSL supports, whether Python has bound the PROTOCOL_TLSv1_X constant and implemented the methods for it or not. So Python 2.6 is perfectly capable of talking to a TLSv1.2 site (it however, is not capable of explicitly saying it *needs* only TLSv1.2). See: $ python2.6 -c "import urllib2,json; print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])" TLS 1.2 — Donald Stufft
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig