Donald Stufft added the comment: I think 1.0.2 is the only version of OpenSSL that has the ability to short circuit the chain validation which is something that makes it easier for libraries like requests to remove the weak 1024 bit roots from their SSL certificate store.
It's also needed for ALPN support which libraries like hyper will need in order to support HTTP/2. I'm pretty massively +1 in Python shipping 1.0.2 (or really, whatever the latest OpenSSL is) wherever it can, including the OSX installers even on systems where Apple ships it's ancient OpenSSL. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue23686> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
