bpo-34009: Expand on platform support changes #8022

Merged
29 changes: 26 additions & 3 deletions Doc/whatsnew/3.7.rst
Expand Up @@ -1304,8 +1304,8 @@ Host name validation can be customized with
.. note::
The improved host name check requires a *libssl* implementation compatible
with OpenSSL 1.0.2 or 1.1. Consequently, OpenSSL 0.9.8 and 1.0.1 are no
longer supported. The ssl module is mostly compatible with LibreSSL 2.7.2
and newer.
longer supported (see :ref:`37-platform-support-removals` for more details).
The ssl module is mostly compatible with LibreSSL 2.7.2 and newer.

The ``ssl`` module no longer sends IP addresses in SNI TLS extension.
(Contributed by Christian Heimes in :issue:`32185`.)
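
Review bot: The last added line of the reflowed note writes "The ssl module" as plain text, while the unchanged paragraph directly below it uses ````ssl```` markup; since the line is being rewritten anyway, mark the module name up the same way so it renders consistently. The new :ref:`37-platform-support-removals` target is defined in the second hunk of this change, so the cross-reference itself resolves.
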
Expand Down Expand Up @@ -2069,10 +2069,33 @@ or higher. (Contributed by Serhiy Storchaka in :issue:`27867`.)
(Contributed by Antoine Pitrou in :issue:`16500`.)


.. _37-platform-support-removals:

Platform Support Removals
=========================

FreeBSD 9 and older are no longer officially supported.
* FreeBSD 9 and older are no longer officially supported.
* For full Unicode support, including within extension modules, \*nix platforms
are now expected to provide at least one of ``C.UTF-8`` (full locale),
``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an
alternative to the legacy ``ASCII``-based ``C`` locale.
* OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building CPython
3.7 with SSL/TLS support on older platforms still using these versions
requires custom build options that link to a more recent version of OpenSSL.

Notably, this issue affects the Debian 8 (aka "jessie") and Ubuntu 14.04
(aka "Trusty") LTS Linux distributions, as they still use OpenSSL 1.0.1 by
default.

Debian 9 ("stretch") and Ubuntu 16.04 ("xenial"), as well as recent releases
of other LTS Linux releases (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL
1.0.2 or later, and remain supported in the default build configuration.

CPython's own :source:`CI configuration file <.travis.yml>` provides an
example of using the SSL
:source:`compatibility testing infrastructure <Tools/ssl/multissltests.py>` in
CPython's test suite to build and link against OpenSSL 1.1.0 rather than an
outdated system provided OpenSSL.


API and Feature Removals
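
Review bot: The OpenSSL bullet says building on older platforms "requires custom build options" but never names them, so readers on Debian 8 or Ubuntu 14.04 have to work them out from .travis.yml; name the options, or describe the relevant steps, in the text itself. Wording nits in the same bullet: "system provided" should be "system-provided", "recent releases of other LTS Linux releases" repeats "releases" (suggest "distributions"), and the codename style is inconsistent ("jessie", "Trusty", "xenial", with "aka" used only for the first two).
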