[Distutils] Announcement: TLSv1.2 will become mandatory in the future

Fastly has announced plans to disable TLSv1.0 and TLSv1.1 on their CDN endpoints which will include PyPI (as well as other Python properties). You can see their timeline at https://www.fastly.com/blog/phase-two-our-tls-10-and-11-deprecation-plan. There are two hard cut off dates to remember: * April 30, 2017, which is when any Python.org site you see that does *not* have an EV certificate that is hosted by Fastly will no longer support TLSv1.0 and TLSv1.1 (testpypi.python.org, test.pypi.org, files.pythonhosted.org, etc). This will affect Warehouse since that uses files.pythonhosted.org to serve files. * June 30, 2018, which is when any Python.org site you see that has an EV certificate that is hosted by Fastly will no longer support TSLv1.0 and TLSv1.1 (pypi.python.org, pypi.org, etc). I am going to see about possibly organizing some scheduled "brown outs" of TLSv1.0 and TLSv1.1 prior to the cut off dates to try and help folks find places that will need updates. Any scheduled brownouts will be posted to status.python.org prior to happening. Looking at the download numbers, the absolute largest driver of TLSv1.0 and TLSv1.1 traffic to PyPI are old versions of pip or other clients where I cannot tell the OS that they are being run on. Past that, macOS is going to be the largest casualty since their system Python does not support TLSv1.2 yet in any version of their OS. If you have a Python and you want to check to see if it supports TLSv1.2 or not, the easiest way to do that is by running: python2 -c "import urllib2,json; print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])" OR python3 -c "import urllib.request,json; print(json.loads(urllib.request.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])" If you get something other than TLS 1.2, then I suggest making plans to deal with the inevitable breakage which may start occurring on or before April 30, 2017. — Donald Stufft -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20170110/686fa001/attachment.html>