classification
Title: Upgrade to OpenSSL 1.1.1b
Type: enhancement Stage: patch review
Components: macOS, SSL, Windows Versions: Python 3.8, Python 3.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: alex, christian.heimes, dstufft, janssen, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware
Priority: deferred blocker Keywords: patch

Created on 2018-09-11 17:13 by christian.heimes, last changed 2019-03-24 20:06 by ned.deily.

Pull Requests
URL Status Linked Edit
PR 12094 open christian.heimes, 2019-02-28 16:11
Messages (3)
msg325034 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-09-11 17:13
OpenSSL 1.1.1 was released today. The blog post https://www.openssl.org/blog/blog/2018/09/11/release111/ lists all major improvements.

Highlights:
* TLS 1.3
* API and ABI compatible with OpenSSL 1.1.0
* LTS release (support schedule TBD)

All tests on master are passing with OpenSSL 1.1.1. I still want to hold off and wait a couple of patch releases, before we start to ship Windows and macOS builds with 1.1.1. Some aspects of the TLS 1.3 handshake are different to TLS 1.2. I might have to implement some additional APIs for post handshake authentication.
msg336846 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-02-28 16:07
Hi macOS and Windows devs,

as I explained in https://mail.python.org/pipermail/python-dev/2019-February/156470.html we need to update Python 3.7 to OpenSSL 1.1.1 eventually. 1.1.0 will reach EOL in September.
msg338748 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2019-03-24 20:06
[From the cited python-dev email]:

"Python 3.7 and master (3.8) are affected. As of now, both branches use
OpenSSL 1.1.0 and must be updated to 1.1.1 soonish. Ned has scheduled
3.7.3 release for 2019-03-25. That's still well within the release
schedule for 1.1.0. I suggest that we update to 1.1.1 directly after the
release of Python 3.7.3 and target 3.7.4 as first builds with TLS 1.3
support. That gives Victor, Steve, and me enough time to sort out the
remaining issues."

So setting the priority here to "deferred blocker" as a reminder to take care of this prior to 3.8.0b1 (2019-05-26) and 3.7.4rc1 (2019-06-10) at the latest.
History
Date User Action Args
2019-03-24 20:06:42ned.deilysetpriority: normal -> deferred blocker

messages: + msg338748
2019-02-28 16:11:58christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request12102
2019-02-28 16:07:48christian.heimessettitle: Upgrade to OpenSSL 1.1.1 -> Upgrade to OpenSSL 1.1.1b
nosy: + paul.moore, ronaldoussoren, tim.golden, ned.deily, zach.ware, steve.dower

messages: + msg336846

versions: + Python 3.7
components: + macOS, Windows
2018-09-11 17:13:46christian.heimescreate