search

launchdarkly / python-server-sdk

LaunchDarkly Server-side SDK for Python
https://docs.launchdarkly.com/sdk/server-side/python
Other
38 stars 44 forks source link

urllib3 version 2.0+ support #221

Closed battlesm closed 9 months ago

battlesm commented 10 months ago

Is your feature request related to a problem? Please describe. My team is looking to remove all dependencies on urllib3<2.0 because this package supports weak ciphers (TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c), TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)). Version 2.0+ removes support for these ciphers.

Describe the solution you'd like Please upgrade python-server-sdk to depend on urllib>2.0 in order to remove the dependency on weak ciphers.

Describe alternatives you've considered N/A

Additional context N/A

keelerm84 commented 10 months ago

Thank you for filing this request. I have filed this internally as sc-217568. While I cannot guarantee a timeline, I do hope to get to this task within the next week or so. I will keep you updated if that timeline changes.

battlesm commented 9 months ago

Thanks for picking this up, @keelerm84. Any updates here?

keelerm84 commented 9 months ago

Hey @battlesm, thank you for checking in.

I did some testing on my side and it seems like urllib3 v2 works just fine. We previously had an issue opened asking us to pin support to <v2 as it was causing an issue. I have reached back out to that customer to ensure we aren't going to cause further issue for them.

I will let you know as soon as I'm able to move forward.

keelerm84 commented 9 months ago

@battlesm urllib3 v2 should be supported in 8.1.7

Please don't hesitate to let me know if you experience any issues. Thanks!