On Sat, Jan 13, 2018, 05:24 Antoine Pitrou, <solip...@pitrou.net> wrote:
> On Sat, 13 Jan 2018 13:54:33 +0100 > Christian Heimes <christ...@python.org> wrote: > > > > If we agree to drop support for OpenSSL 0.9.8 and 1.0.1, then I can land > > bunch of useful goodies like proper hostname verification [2], proper > > fix for IP address in SNI TLS header [3], PEP 543 compatible Certificate > > and PrivateKey types (support loading certs and keys from file and > > memory) [4], and simplified cipher suite configuration [5]. I can > > finally clean up _ssl.c during the beta phase, too. > > Given the annoyance of supporting old OpenSSL versions, I'd say +1 to > this. > +1 from me as well for the improved security. -Brett > We'll have to deal with the complaints of users of Debian oldstable, > CentOS 6 and RHEL 6, though. > > Regards > > Antoine. > > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/brett%40python.org >
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
