Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

Oracle Solaris is fine with dropping 0.9.8 support as well. Thank you. Regards, Misaki Miyashita -- Oracle Solaris Principal Software Engineer On 1/22/2016 3:58 PM, Alex Gaynor wrote: Hi all, I'd like to propose we deprecate support for OpenSSL 0.9.8 i

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

I am strongly in favour of dropping 0.9.8 support. Count me as an enthusiastic +1. Cory > On 22 Jan 2016, at 21:58, Alex Gaynor wrote: > > Hi all, > > I'd like to propose we deprecate support for OpenSSL 0.9.8 in our next > release, and remove support in the release after (we already emit wa

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

So, here was my thought process on 1.0.0: - Basically no one is using it - It's slightly less burdensome to support. - We should only do one thing at a time, if for some reason everyone who upgrades 0.9.8 moves to 1.0.0, that's an interesting data point we should seek to collect. I like the idea o

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

We should also disable 1.0.0 as that's EOL as well and has even lower usage than 0.9.8. I'd like to have at least one additional release with 0.9.8/1.0.0 support disabled but available via env variable (e.g. ALLOW_OLD_BAD_OPENSSL). This way we can provide a path to re-enable support if it turns

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

We assume nobody has it installed, which is why the wheel statically links it. It, unfortunately, shifts the upgrade burden to "remember to upgrade your python package", but there's no way around that. On January 22, 2016 at 4:25:46 PM, Ron Frederick (r...@timeheart.net) wrote: Gotcha, thanks.

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

Gotcha, thanks. On my OS X system, I have 1.0.2e installed from MacPorts, but I imagine many Mac users don’t. On Jan 22, 2016, at 2:21 PM, Alex Gaynor wrote: > Uhhh, sorry, which includes OpenSSL *1.0.2*. > > Alex > > On Fri, Jan 22, 2016 at 5:21 PM, Alex Gaynor

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

Uhhh, sorry, which includes OpenSSL *1.0.2*. Alex On Fri, Jan 22, 2016 at 5:21 PM, Alex Gaynor wrote: > On OS X and Windows we distribute a Cryptography wheel which includes > OpenSSL 0.9.8. > > Alex > > On Fri, Jan 22, 2016 at 5:19 PM, Ron Frederick wrote: > >> What impact will this have on M

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

On OS X and Windows we distribute a Cryptography wheel which includes OpenSSL 0.9.8. Alex On Fri, Jan 22, 2016 at 5:19 PM, Ron Frederick wrote: > What impact will this have on MacOS systems? Even the latest MacOS El > Capitan (10.11.3) is still back on OpenSSL 0.9.8zg from 14 July 2015 for > th

Re: [Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

What impact will this have on MacOS systems? Even the latest MacOS El Capitan (10.11.3) is still back on OpenSSL 0.9.8zg from 14 July 2015 for the /usr/bin/openssl binary. They ship with a version of libressl for use by OpenSSH (OpenSSH_6.9p1, LibreSSL 2.1.8), but I don’t know if that library is

[Cryptography-dev] [Proposal] Deprecating and removing support for OpenSSL 0.9.8

Hi all, I'd like to propose we deprecate support for OpenSSL 0.9.8 in our next release, and remove support in the release after (we already emit warnings in our current release, so this is consistent with our schedule). Rationale: OpenSSL 0.9.8 is old, does not support modern web security (e.g. n