On 12 January 2017 at 04:26, Brett Cannon <br...@python.org> wrote:
>
> On Tue, 10 Jan 2017 at 12:51 Donald Stufft <don...@stufft.io> wrote:
>>
>> [SNIP]
>>
>>
>> It would be really nice if we could deprecate `ssl` (which has a bunch of
>> OpenSSL specific stuff in it) and add a new `tls` module that served as an
>> implementation agnostic library that would use OpenSSL on *nix,
>> SecureTransport on macOS, and SChannel on Windows. However, in the meantime
>> there are some folks poking to see about making something pip suitable that
>> will enable us to use SecureTransport at least.
>
>
> I know both Cory Benfield and Christian Heimes brought this up briefly at
> the PyCon US 2016 language summit at the end of their SSL discussion, but I
> don't think it went anywhere because there was some other discussion that
> dominated the end of their talk (I've now tweeted at them about this
> discussion).
>
> I know Steve has also said he would love to see an agnostic TLS library so
> that Windows' built-in libraries for this stuff could be directly used. With
> the predicament this is going to put us in I think it makes it very prudent
> to create a tls module for the stdlib.

Logistically, something I think we should explore for such a module is
using the same ensuretls/tls split that we did for ensurepip/pip. That
way it can be more readily updated in line with the evolution of
network security standards and operating system cryptographic APIs,
rather than being locked into being updated in line with the evolution
of the Python language definition.

Cheers,
Nick.

-- 
Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia