On 09. 01. 22 19:39, Christian Heimes wrote:

Hi,

I would like to remind everybody that Python's support for OpenSSL 3.0 is preliminary [1]. Python compiles with OpenSSL 3.0.0 and simple code kinda works. However there are known performance regressions, missing features (e.g. usedforsecurity flag), and potential bugs cause by API incompatibilities.

Due to the experimental state I advise against using Python with OpenSSL 3.0 in production.

It may take a while until Python gains full support for the next version of OpenSSL. I have shifted my personal OSS time to more fun topics like performance and WASM. My work time is currently limited, too.

Hello Christian.

Do you think we should switch Python in Fedora 36 to OpenSSL 1.1.1? Python was naturally rebuilt with OpenSSL 3.0 when the distro upgraded OpenSSL. But the older version is still available.

Note that Fedora 36 is also "preliminary" so we still have time to make this decision until +- the beta freeze/release (end of February, early March this year).