Cosimo Lupo <cl...@google.com> added the comment:

Hello,

I see that the official Python.org OSX 10.6+ installers are still linking with 
OSX's outdated OpenSSL (0.9.8zh 14 Jan 2016; I'm using macOS High Sierra 10.13.2).

In the installer's README, they motivate this because:

> Apple's 0.9.8 version includes an important additional feature: if a 
> certificate cannot be verified using the manually administered certificates 
> in /System/Library/OpenSSL, the certificates managed by the system security 
> framework in the user and system keychains are also consulted (using Apple 
> private APIs)

However, because of this outdated OpenSSL version, I cannot use pip to install 
from the TestPyPI server https://test.pypi.org.

When I try (even with --trusted-host) I get this error:

```
$ pip install --trusted-host --index-url https://test.pypi.org/simple afdko
Collecting https://test.pypi.org/simple
Exception:
Traceback (most recent call last):
...
SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version 
(_ssl.c:661)
```

A similar issue on pypa/pip repository was closed as

> There's no actionable item here. People with old versions of openssl that 
> don't support sha1 SSL certificates need to upgrade or else they are 
> insecure. If they wish to be insecure they can continue using pip 1.2

https://github.com/pypa/pip/issues/829#issuecomment-20931050

~~~

Well, I find it particularly odd that the official binary distribution for the 
latest Python 2.7.14 has a broken (or insecure) _ssl module, even when running 
the latest macOS version.

Of course, using pyenv or homebrew fixes the problem (as they require and link 
with the latest openssl 1.0.2), but I would like to recommend installing python 
from the official binaries to my less technically-skilled colleagues.

Please consider embedding the latest openssl on the 10.6+ installers like you 
already do on 10.5 32bit ones and the Windows ones, thank you.

Cosimo Lupo

----------
nosy: +Cosimo Lupo2

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue17128>
_______________________________________
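
A check for the condition this report describes, as an added example that is not part of the original message or of CPython: it parses the banner of the SSL library the interpreter's `ssl` module is linked against and reports whether that library can negotiate TLS 1.2. The function names are hypothetical; the 1.0.1 threshold is the OpenSSL release line that introduced TLS 1.1 and 1.2.

```python
import re
import ssl

# TLS 1.1/1.2 first shipped in OpenSSL 1.0.1; the 0.9.8 and 1.0.0 lines stop at TLS 1.0.
MIN_TLS12_OPENSSL = (1, 0, 1)

# Banner quoted in the report above, used as sample input.
REPORTED_BANNER = "OpenSSL 0.9.8zh 14 Jan 2016"

_VERSION_RE = re.compile(r"^(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_ssl_version(banner):
    """Split a banner into (library, (major, minor, fix), patch letters)."""
    m = _VERSION_RE.match(banner.strip())
    if m is None:
        raise ValueError("unrecognised SSL library banner: %r" % banner)
    return m.group(1), tuple(int(g) for g in m.group(2, 3, 4)), m.group(5)


def library_supports_tls12(banner):
    """True if the library named in the banner implements TLS 1.2."""
    library, numeric, _letters = parse_ssl_version(banner)
    if library == "LibreSSL":
        return True  # forked from OpenSSL 1.0.1, so every release has TLS 1.2
    return numeric >= MIN_TLS12_OPENSSL


def runtime_report():
    """Describe the SSL library this interpreter is actually linked against."""
    banner = ssl.OPENSSL_VERSION
    return {
        "banner": banner,
        "library_supports_tls12": library_supports_tls12(banner),
        # The constant is only defined when the linked library offers TLS 1.2.
        "module_exposes_tls12": hasattr(ssl, "PROTOCOL_TLSv1_2"),
    }


if __name__ == "__main__":
    print("reported build: %s -> TLS 1.2 capable: %s"
          % (REPORTED_BANNER, library_supports_tls12(REPORTED_BANNER)))
    for key, value in sorted(runtime_report().items()):
        print("%-24s %s" % (key, value))
```

Run it with the interpreter under test (for example the one that `pip` uses), since a pyenv or homebrew Python on the same machine may link a different library.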