Author dstufft
Recipients alex, dstufft, jeremy.kloth, larry, lemburg, ned.deily, pitrou, python-dev, steve.dower, zach.ware
Date 2015-04-13.23:41:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1428968498.61.0.914160220191.issue23686@psf.upfronthosting.co.za>
In-reply-to
Content
I think 1.0.2 is the only version of OpenSSL that has the ability to short circuit the chain validation which is something that makes it easier for libraries like requests to remove the weak 1024 bit roots from their SSL certificate store.

It's also needed for ALPN support which libraries like hyper will need in order to support HTTP/2.

I'm pretty massively +1 in Python shipping 1.0.2 (or really, whatever the latest OpenSSL is) wherever it can, including the OSX installers even on systems where Apple ships it's ancient OpenSSL.
History
Date User Action Args
2015-04-13 23:41:38dstufftsetrecipients: + dstufft, lemburg, pitrou, larry, ned.deily, alex, jeremy.kloth, python-dev, zach.ware, steve.dower
2015-04-13 23:41:38dstufftsetmessageid: <1428968498.61.0.914160220191.issue23686@psf.upfronthosting.co.za>
2015-04-13 23:41:38dstufftlinkissue23686 messages
2015-04-13 23:41:38dstufftcreate