Christian Heimes <li...@cheimes.de> added the comment: I have another good reason to land PR 5259 in 3.7. OpenSSL 1.1.0 has deprecated the old way to disable/enable protocol versions with set option. The OP_NO_TLSv1* constants will likely get removed in OpenSSL 1.2.0. I'm expecting to see a 1.2.0 release within the next two years. Therefore we should include SSLContext.maximum_version and SSLContext.minimum_version now. We may even have to backport them to 3.6 and 2.7.
https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_options.html > SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, > SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 > These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol > versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. > As of OpenSSL 1.1.0, these options are deprecated, use > SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version instead. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue31453> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
