Oracle Solaris is fine with dropping 0.9.8 support as well.
Thank you.
Regards,
Misaki Miyashita
------------------------------------------
Oracle Solaris
Principal Software Engineer
On 1/22/2016 3:58 PM, Alex Gaynor wrote:
Hi all,
I'd like to propose we deprecate support for OpenSSL 0.9.8 in our next
release, and remove support in the release after (we already emit
warnings in our current release, so this is consistent with our schedule).
Rationale: OpenSSL 0.9.8 is old, does not support modern web security
(e.g. no TLS 1.2), and supporting it adds complexity, in the form of
hundreds of additional lines of code and configuration options.
Supporting data: As of pip 8 (released this week, already used for
something like 1/3 of PyPI downloads), the user agent of pip includes
the system's OpenSSL version. Looking at the data (excluding Windows
and OS X, since on those platforms we include OpenSSL 1.0.2 in our
wheels). The overall distribution is:
Indicating that OpenSSL 0.9.8 on Linux repersents less than 1% of all
installations.
Looking at per-package data, here are the percent of downloads using
OpenSSL 0.9.8 for some relevant packages:
- unidecode: 7.6% (This is the package with the highest percent of
0.9.8 users)
- rsa: 3.3%
- pyasn1: 2.2%
- requests: 1.6%
- pycrypto: 0.8%
- pip: 0.6%
- pyopenssl: 0.4%
- letsencrypt-apache: 0.3%
- cryptography: 0.3%
I think these numbers are low enough that we can safely drop OpenSSL
0.9.8 support.
Platforms specifically known to be affected:
- RHEL/CentOS 5 and older
- Debian Squeeze (baed on OpenSSL version, this is where most of the
affected users will be).
Thoughts? Will you be affected by this?
Alex
--
"I disapprove of what you say, but I will defend to the death your
right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
