Message 240810 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dstufft
Recipients	alex, dstufft, jeremy.kloth, larry, lemburg, ned.deily, pitrou, python-dev, steve.dower, zach.ware
Date	2015-04-13.23:41:38
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1428968498.61.0.914160220191.issue23686@psf.upfronthosting.co.za>
In-reply-to

Content
I think 1.0.2 is the only version of OpenSSL that has the ability to short circuit the chain validation which is something that makes it easier for libraries like requests to remove the weak 1024 bit roots from their SSL certificate store. It's also needed for ALPN support which libraries like hyper will need in order to support HTTP/2. I'm pretty massively +1 in Python shipping 1.0.2 (or really, whatever the latest OpenSSL is) wherever it can, including the OSX installers even on systems where Apple ships it's ancient OpenSSL.

I think 1.0.2 is the only version of OpenSSL that has the ability to short circuit the chain validation which is something that makes it easier for libraries like requests to remove the weak 1024 bit roots from their SSL certificate store.

It's also needed for ALPN support which libraries like hyper will need in order to support HTTP/2.

I'm pretty massively +1 in Python shipping 1.0.2 (or really, whatever the latest OpenSSL is) wherever it can, including the OSX installers even on systems where Apple ships it's ancient OpenSSL.

History
Date	User	Action	Args
2015-04-13 23:41:38	dstufft	set	recipients: + dstufft, lemburg, pitrou, larry, ned.deily, alex, jeremy.kloth, python-dev, zach.ware, steve.dower
2015-04-13 23:41:38	dstufft	set	messageid: <1428968498.61.0.914160220191.issue23686@psf.upfronthosting.co.za>
2015-04-13 23:41:38	dstufft	link	issue23686 messages
2015-04-13 23:41:38	dstufft	create