Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-13 Thread Glyph Lefkowitz
> On Jan 12, 2017, at 6:10 AM, Jack Jansen wrote: > > Ok, so this is a real problem:-( > > Again, I’m not deep enough into the SSL stuff to really understand this (and > specifically whether it needs a new openssl module, a new libssl, both, > something else, ….), but I’d

Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-13 Thread Glyph Lefkowitz
> On Jan 10, 2017, at 9:21 AM, Kevin Ollivier wrote: > > Hi Jack, > > No, I think you're spot on, this is a big problem. Actually, 2.7.9-2.7.12, > even the Python.org ones, are already somewhat broken because they use > Apple's ancient OpenSSL version. All the

Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-12 Thread Kevin Ollivier
On Thu, Jan 12, 2017 at 6:10 AM, Jack Jansen wrote: > Ok, so this is a real problem:-( > > Again, I’m not deep enough into the SSL stuff to really understand this > (and specifically whether it needs a new openssl module, a new libssl, > both, something else, ….), but I’d

Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-12 Thread Jack Jansen
Ok, so this is a real problem:-( Again, I’m not deep enough into the SSL stuff to really understand this (and specifically whether it needs a new openssl module, a new libssl, both, something else, ….), but I’d like to think of ways to fix this before the shit hits the fan for all poor mac

Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-12 Thread Kevin Ollivier
Hi Jack, No, I think you're spot on, this is a big problem. Actually, 2.7.9-2.7.12, even the Python.org ones, are already somewhat broken because they use Apple's ancient OpenSSL version. All the ciphers supported by that version of OpenSSL are ones that are regarded as insecure now, so most

Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-10 Thread Ronald Oussoren
> On 10 Jan 2017, at 20:43, Ronald Oussoren wrote: > > >> On 10 Jan 2017, at 17:05, Jack Jansen wrote: >> >> I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate >> until know, but just now the following post came in on

Re: [Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-10 Thread Ronald Oussoren
> On 10 Jan 2017, at 17:05, Jack Jansen wrote: > > I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate > until know, but just now the following post came in on python-announce, which > seems to suggest that TLS 1.0 is really about to be phased out:

[Pythonmac-SIG] apple-Python and TLS 1.0

2017-01-10 Thread Jack Jansen
I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate until know, but just now the following post came in on python-announce, which seems to suggest that TLS 1.0 is really about to be phased out: