Closed
Description
The commit 2875c60 deprecated many ssl and hashlib functions in Python 3.10:
- ssl.OP_NO_SSLv2
- ssl.OP_NO_SSLv3
- ssl.OP_NO_TLSv1
- ssl.OP_NO_TLSv1_1
- ssl.OP_NO_TLSv1_2
- ssl.OP_NO_TLSv1_3
- ssl.PROTOCOL_SSLv2
- ssl.PROTOCOL_SSLv3
- ssl.PROTOCOL_SSLv23 (alias for PROTOCOL_TLS)
- ssl.PROTOCOL_TLS
- ssl.PROTOCOL_TLSv1
- ssl.PROTOCOL_TLSv1_1
- ssl.PROTOCOL_TLSv1_2
- ssl.TLSVersion.SSLv3
- ssl.TLSVersion.TLSv1
- ssl.TLSVersion.TLSv1_1
- ssl.wrap_socket()
- ssl.RAND_pseudo_bytes()
- ssl.RAND_egd() (already removed since it's not supported by OpenSSL 1.1.1)
- ssl.SSLContext() without a protocol argument
- ssl.match_hostname()
- hashlib.pbkdf2_hmac() (pure Python implementation, fast OpenSSL function will stay)
They emit a DeprecationWarning in Python 3.10 and 3.11. According to PEP 387, they can now be removed in Python 3.12.
I'm not sure that we should actively remove all of these deprecated features, it should be decided on a case by case basis. Backward compatibility is even more complex when it's about security and old security protocols like SSL and old TLS versions.