You are here: Home » NewsFeeds » Time to Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory

Time to Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory

If you’re using an older Python without the most secure TLS implementation, this is the year to get serious about upgrading. Otherwise next June you may not be able to “pip install” packages from PyPI.PyPI’s maintainer Donald Stufft recently announced that python.org and related sites will begin disabling the old TLS versions 1.0 and 1.1. This change was imposed on us by our content delivery network, Fastly, in response to a change imposed on them by the Payment Card Industry Security Standards Council. In order to continue serving websites that take credit card payments, Fastly is required to disable the old, insecure versions of TLS. Since the PSF’s servers, including PyPI, use Fastly, the old versions of TLS will be disabled as well.Fastly wrote in October 2015,
There have been serious and systemic security issues with earlier versions of TLS and its predecessor, SSL, including POODLE, Heartbleed, and LOGJAM. These threatened


 

Original article