> On Jan 12, 2017, at 6:10 AM, Jack Jansen wrote:
>
> Ok, so this is a real problem:-(
>
> Again, I’m not deep enough into the SSL stuff to really understand this (and
> specifically whether it needs a new openssl module, a new libssl, both,
> something else, ….), but I’d
> On Jan 10, 2017, at 9:21 AM, Kevin Ollivier wrote:
>
> Hi Jack,
>
> No, I think you're spot on, this is a big problem. Actually, 2.7.9-2.7.12,
> even the Python.org ones, are already somewhat broken because they use
> Apple's ancient OpenSSL version. All the
On Thu, Jan 12, 2017 at 6:10 AM, Jack Jansen wrote:
> Ok, so this is a real problem:-(
>
> Again, I’m not deep enough into the SSL stuff to really understand this
> (and specifically whether it needs a new openssl module, a new libssl,
> both, something else, ….), but I’d
Ok, so this is a real problem:-(
Again, I’m not deep enough into the SSL stuff to really understand this (and
specifically whether it needs a new openssl module, a new libssl, both,
something else, ….), but I’d like to think of ways to fix this before the shit
hits the fan for all poor mac
Hi Jack,
No, I think you're spot on, this is a big problem. Actually, 2.7.9-2.7.12, even
the Python.org ones, are already somewhat broken because they use Apple's
ancient OpenSSL version. All the ciphers supported by that version of OpenSSL
are ones that are regarded as insecure now, so most
> On 10 Jan 2017, at 20:43, Ronald Oussoren wrote:
>
>
>> On 10 Jan 2017, at 17:05, Jack Jansen wrote:
>>
>> I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate
>> until know, but just now the following post came in on
> On 10 Jan 2017, at 17:05, Jack Jansen wrote:
>
> I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate
> until know, but just now the following post came in on python-announce, which
> seems to suggest that TLS 1.0 is really about to be phased out:
I have completely ignored this whole TLS 1.0 versus TLS 1.2 security debate
until know, but just now the following post came in on python-announce, which
seems to suggest that TLS 1.0 is really about to be phased out: