summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Doc/whatsnew/3.7.rst29
1 files changed, 26 insertions, 3 deletions
diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst
index 53fbe18..ac13890 100644
--- a/Doc/whatsnew/3.7.rst
+++ b/Doc/whatsnew/3.7.rst
@@ -1304,8 +1304,8 @@ Host name validation can be customized with
.. note::
The improved host name check requires a *libssl* implementation compatible
with OpenSSL 1.0.2 or 1.1. Consequently, OpenSSL 0.9.8 and 1.0.1 are no
- longer supported. The ssl module is mostly compatible with LibreSSL 2.7.2
- and newer.
+ longer supported (see :ref:`37-platform-support-removals` for more details).
+ The ssl module is mostly compatible with LibreSSL 2.7.2 and newer.
The ``ssl`` module no longer sends IP addresses in SNI TLS extension.
(Contributed by Christian Heimes in :issue:`32185`.)
@@ -2069,10 +2069,33 @@ or higher. (Contributed by Serhiy Storchaka in :issue:`27867`.)
(Contributed by Antoine Pitrou in :issue:`16500`.)
+.. _37-platform-support-removals:
+
Platform Support Removals
=========================
-FreeBSD 9 and older are no longer officially supported.
+* FreeBSD 9 and older are no longer officially supported.
+* For full Unicode support, including within extension modules, \*nix platforms
+ are now expected to provide at least one of ``C.UTF-8`` (full locale),
+ ``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an
+ alternative to the legacy ``ASCII``-based ``C`` locale.
+* OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building CPython
+ 3.7 with SSL/TLS support on older platforms still using these versions
+ requires custom build options that link to a more recent version of OpenSSL.
+
+ Notably, this issue affects the Debian 8 (aka "jessie") and Ubuntu 14.04
+ (aka "Trusty") LTS Linux distributions, as they still use OpenSSL 1.0.1 by
+ default.
+
+ Debian 9 ("stretch") and Ubuntu 16.04 ("xenial"), as well as recent releases
+ of other LTS Linux releases (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL
+ 1.0.2 or later, and remain supported in the default build configuration.
+
+ CPython's own :source:`CI configuration file <.travis.yml>` provides an
+ example of using the SSL
+ :source:`compatibility testing infrastructure <Tools/ssl/multissltests.py>` in
+ CPython's test suite to build and link against OpenSSL 1.1.0 rather than an
+ outdated system provided OpenSSL.
API and Feature Removals