summaryrefslogtreecommitdiffstats
path: root/Doc/whatsnew/3.7.rst
diff options
context:
space:
mode:
authorNick Coghlan <ncoghlan@gmail.com>2018-07-10 13:04:29 (GMT)
committerGitHub <noreply@github.com>2018-07-10 13:04:29 (GMT)
commit5fe7c98a54d127759cfce323fab831008c945964 (patch)
tree5dfb7b1f9f55e6ef9abd1a06a34b8a4cad4b5c35 /Doc/whatsnew/3.7.rst
parent66953f0ec642bcc36b5c0739de6507e67598380b (diff)
downloadcpython-5fe7c98a54d127759cfce323fab831008c945964.zip
cpython-5fe7c98a54d127759cfce323fab831008c945964.tar.gz
cpython-5fe7c98a54d127759cfce323fab831008c945964.tar.bz2
bpo-34009: Expand on platform support changes (GH-8022)
Many users won't realise the implications the OpenSSL 1.0.2 minimum version requirement has when it comes to Ubuntu 14.04 and Debian 8, so expand on that in the platform support section. Also explicitly note the non-ASCII-based locale requirement for full Unicode text handling support on non-Windows systems.
Diffstat (limited to 'Doc/whatsnew/3.7.rst')
-rw-r--r--Doc/whatsnew/3.7.rst29
1 files changed, 26 insertions, 3 deletions
diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst
index 53fbe18..ac13890 100644
--- a/Doc/whatsnew/3.7.rst
+++ b/Doc/whatsnew/3.7.rst
@@ -1304,8 +1304,8 @@ Host name validation can be customized with
.. note::
The improved host name check requires a *libssl* implementation compatible
with OpenSSL 1.0.2 or 1.1. Consequently, OpenSSL 0.9.8 and 1.0.1 are no
- longer supported. The ssl module is mostly compatible with LibreSSL 2.7.2
- and newer.
+ longer supported (see :ref:`37-platform-support-removals` for more details).
+ The ssl module is mostly compatible with LibreSSL 2.7.2 and newer.
The ``ssl`` module no longer sends IP addresses in SNI TLS extension.
(Contributed by Christian Heimes in :issue:`32185`.)
@@ -2069,10 +2069,33 @@ or higher. (Contributed by Serhiy Storchaka in :issue:`27867`.)
(Contributed by Antoine Pitrou in :issue:`16500`.)
+.. _37-platform-support-removals:
+
Platform Support Removals
=========================
-FreeBSD 9 and older are no longer officially supported.
+* FreeBSD 9 and older are no longer officially supported.
+* For full Unicode support, including within extension modules, \*nix platforms
+ are now expected to provide at least one of ``C.UTF-8`` (full locale),
+ ``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an
+ alternative to the legacy ``ASCII``-based ``C`` locale.
+* OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building CPython
+ 3.7 with SSL/TLS support on older platforms still using these versions
+ requires custom build options that link to a more recent version of OpenSSL.
+
+ Notably, this issue affects the Debian 8 (aka "jessie") and Ubuntu 14.04
+ (aka "Trusty") LTS Linux distributions, as they still use OpenSSL 1.0.1 by
+ default.
+
+ Debian 9 ("stretch") and Ubuntu 16.04 ("xenial"), as well as recent releases
+ of other LTS Linux releases (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL
+ 1.0.2 or later, and remain supported in the default build configuration.
+
+ CPython's own :source:`CI configuration file <.travis.yml>` provides an
+ example of using the SSL
+ :source:`compatibility testing infrastructure <Tools/ssl/multissltests.py>` in
+ CPython's test suite to build and link against OpenSSL 1.1.0 rather than an
+ outdated system provided OpenSSL.
API and Feature Removals