On 10/01/2022 17.01, Miro Hrončok wrote:
On 09. 01. 22 19:39, Christian Heimes wrote:
Hi,
I would like to remind everybody that Python's support for OpenSSL 3.0
is preliminary [1]. Python compiles with OpenSSL 3.0.0 and simple code
kinda works. However there are known performance regressions, missing
features (e.g. usedforsecurity flag), and potential bugs cause by API
incompatibilities.
Due to the experimental state I advise against using Python with
OpenSSL 3.0 in production.
It may take a while until Python gains full support for the next
version of OpenSSL. I have shifted my personal OSS time to more fun
topics like performance and WASM. My work time is currently limited, too.
Hello Christian.
Do you think we should switch Python in Fedora 36 to OpenSSL 1.1.1?
Python was naturally rebuilt with OpenSSL 3.0 when the distro upgraded
OpenSSL. But the older version is still available.
Note that Fedora 36 is also "preliminary" so we still have time to make
this decision until +- the beta freeze/release (end of February, early
March this year).
Hi Miro,
I suggest to wait and re-evaluate the situation in a month from now. The
situation might improve by then. OpenSSL Upstream is working on
performance improvements. I have a pending fix for the hashlib
usedforsecurity feature.
For the other issues, somebody has to put in the work and review all
differences between OpenSSL 1.1.1 and 3.0.
Christian
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/C5WOH56A3MZUTL5Y3ARSNPGGUUFYEZ3G/
Code of Conduct: http://python.org/psf/codeofconduct/