On 1/13/2018 3:02 PM, Brett Cannon wrote:
On Sat, Jan 13, 2018, 05:24 Antoine Pitrou, <solip...@pitrou.net
<mailto:solip...@pitrou.net>> wrote:
On Sat, 13 Jan 2018 13:54:33 +0100
Christian Heimes <christ...@python.org
<mailto:christ...@python.org>> wrote:
>
> If we agree to drop support for OpenSSL 0.9.8 and 1.0.1, then I
can land
> bunch of useful goodies like proper hostname verification [2], proper
> fix for IP address in SNI TLS header [3], PEP 543 compatible
Certificate
> and PrivateKey types (support loading certs and keys from file and
> memory) [4], and simplified cipher suite configuration [5]. I can
> finally clean up _ssl.c during the beta phase, too.
Given the annoyance of supporting old OpenSSL versions, I'd say +1 to
this.
+1 from me as well for the improved security.
FWIW, given that I will not be doing any of the work, +1 from me also.
--
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com