On 07/02/2019 00.41, Ned Deily wrote: > On Feb 6, 2019, at 18:28, Steve Dower <steve.do...@python.org> wrote: >> On 06Feb2019 1423, Christian Heimes wrote: >>> Do you want to update Python 3.8 (master) only or also 3.7? I'm not >>> strictly against updating 3.7. However we have traditionally kept the >>> OpenSSL version of each branch stable. 1.1.1 comes with new features, >>> stricter security settings and some ciphers removed. >> I would prefer to stay on 1.1.0 for 3.7, but it's up to the release manager. > > Me, too. I am concerned that 1.1.1 support has not had a lot of exposure > yet. Even the "What's New" document for 3.7 states: "The ssl module has > preliminary and experimental support for TLS 1.3 and OpenSSL 1.1.1. "
That's from the alpha and beta phase of OpenSSL. Support for 1.1.1 is as stable as it can get. > I am OK with fixes for 1.1.1 support but I think it would be premature to > change the Windows and/or macOS installers from 1.1.0 to 1.1.1. 1.1.1a is a solid release. Debian testing, Fedora, and RHEL 8 beta have been shipping and testing 1.1.1 for a while. In my professional opinion it's less about stability but more about backwards compatibility issues. TLS 1.3 behaves slightly differently and 1.1.1 has dropped some weak ciphers. Christian _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
