Hi Jack, No, I think you're spot on, this is a big problem. Actually, 2.7.9-2.7.12, even the Python.org ones, are already somewhat broken because they use Apple's ancient OpenSSL version. All the ciphers supported by that version of OpenSSL are ones that are regarded as insecure now, so most modern servers, including big ones like AWS, don't allow them anymore. Because of this you can't even download a newer OpenSSL from the OpenSSL web site using Python. :(
It surprised me to find that the Python community wasn't really aware of this problem. For one project I worked on we actually re-coded all our download code to use the Cocoa HTTPS classes via PyObjC, and this was a couple years back. Don't know how many others out there have been fighting with it. Kevin On 1/10/17, 8:05 AM, "Pythonmac-SIG on behalf of Jack Jansen" <pythonmac-sig-bounces+kevino=theolliviers....@python.org on behalf of jack.jan...@cwi.nl> wrote: I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate until know, but just now the following post came in on python-announce, which seems to suggest that TLS 1.0 is really about to be phased out: https://mail.python.org/pipermail/python-announce-list/2017-January/011437.html I think Python 2.7 older that 2.7.13 (i.e. including the apple-shipped Pythons) don’t support TLS 1.2 by default, which would seem to suggest that things like pip will stop working as of this summer. Or am I overreacting? -- Jack Jansen, <jack.jan...@cwi.nl>, http://www.cwi.nl/~jack If I can't dance I don't want to be part of your revolution -- Emma Goldman _______________________________________________ Pythonmac-SIG maillist - Pythonmac-SIG@python.org https://mail.python.org/mailman/listinfo/pythonmac-sig unsubscribe: https://mail.python.org/mailman/options/Pythonmac-SIG _______________________________________________ Pythonmac-SIG maillist - Pythonmac-SIG@python.org https://mail.python.org/mailman/listinfo/pythonmac-sig unsubscribe: https://mail.python.org/mailman/options/Pythonmac-SIG