Hi Jack,

No, I think you're spot on, this is a big problem. Actually, 2.7.9-2.7.12, even 
the Python.org ones, are already somewhat broken because they use Apple's 
ancient OpenSSL version. All the ciphers supported by that version of OpenSSL 
are ones that are regarded as insecure now, so most modern servers, including 
big ones like AWS, don't allow them anymore. Because of this you can't even 
download a newer OpenSSL from the OpenSSL web site using Python. :( 

It surprised me to find that the Python community wasn't really aware of this 
problem. For one project I worked on we actually re-coded all our download code 
to use the Cocoa HTTPS classes via PyObjC, and this was a couple years back. 
Don't know how many others out there have been fighting with it. 

Kevin

On 1/10/17, 8:05 AM, "Pythonmac-SIG on behalf of Jack Jansen" 
<pythonmac-sig-bounces+kevino=theolliviers....@python.org on behalf of 
jack.jan...@cwi.nl> wrote:

    I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate 
until know, but just now the following post came in on python-announce, which 
seems to suggest that TLS 1.0 is really about to be phased out: 
https://mail.python.org/pipermail/python-announce-list/2017-January/011437.html
    
    I think Python 2.7 older that 2.7.13 (i.e. including the apple-shipped 
Pythons) don’t support TLS 1.2 by default, which would seem to suggest that 
things like pip will stop working as of this summer.
    
    Or am I overreacting?
    --
    Jack Jansen, <jack.jan...@cwi.nl>, http://www.cwi.nl/~jack
    If I can't dance I don't want to be part of your revolution -- Emma Goldman
    
    
    
    _______________________________________________
    Pythonmac-SIG maillist  -  Pythonmac-SIG@python.org
    https://mail.python.org/mailman/listinfo/pythonmac-sig
    unsubscribe: https://mail.python.org/mailman/options/Pythonmac-SIG
    


_______________________________________________
Pythonmac-SIG maillist  -  Pythonmac-SIG@python.org
https://mail.python.org/mailman/listinfo/pythonmac-sig
unsubscribe: https://mail.python.org/mailman/options/Pythonmac-SIG

Reply via email to