Submission for SC consideration: PEP 644 -- Require OpenSSL 1.1.1 or newer

[tiran]

Please consider PEP 644 for Python 3.10.

The PEP has been discussed at https://discuss.python.org/t/pep-644-require-openssl-1-1-or-newer/5584 since October 2020. So far nobody has argued against the PEP.

The PEP has been cited in other places, e.g. Void Linux used it as an additional argument for their move back to OpenSSL in the recent announcement https://voidlinux.org/news/2021/02/OpenSSL.html .

[brettcannon]

Thanks! I have added it to our queue.

[pquentin]

As an urllib3 maintainer, I'm also interested in this, as we're also considering requiring 1.0.2+ or 1.1.1+ for urllib3 v2 (the version that drops Python 2 support).

[tiran]

I have created a PR to improve and simplify builds with custom OpenSSL installations, python/cpython#24820

PEP PR python/peps#1875 updates the title, explains Debian 9 situation, and lists CI providers with OpenSSL 1.1.1 support.

[pablogsal]

The PEP has been accepted: https://mail.python.org/archives/list/python-dev@python.org/thread/INLCO2EZVQW7R7J2OL6HWVLVU3TQRAZV/

Closing this.

[pablogsal]

@tiran can you update the PEP with the accepted status?