Tracker ticket for PEP 644, https://www.python.org/dev/peps/pep-0644/

This PEP proposes for CPython’s standard library to support only OpenSSL 1.1.1 LTS or newer. Support for OpenSSL versions past end-of-lifetime, incompatible forks, and other TLS libraries are dropped.

New changeset 39258d3595300bc7b952854c915f63ae2d4b9c3e by Christian Heimes in branch 'master':
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e

- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests

New changeset b8d0fa035d74ae6ae00794c9af636b427c5dc650 by Christian Heimes in branch 'master':
bpo-43669: Remove OpenSSL 0.9 to 1.1.0 specific documentation (GH-25453)
https://github.com/python/cpython/commit/b8d0fa035d74ae6ae00794c9af636b427c5dc650

New changeset d37b74f341c5a215e2fdd5eb4f8c0182f327635c by Christian Heimes in branch 'master':
bpo-43669: More test_ssl cleanups (GH-25470)
https://github.com/python/cpython/commit/d37b74f341c5a215e2fdd5eb4f8c0182f327635c