Christian Heimes

Results 194 comments of Christian Heimes
+1 I see "the oldest one" more like a guideline or preference than a hard rule. Sometimes there is another ticket with more or better information on the issue. It's...

Are there potential performance issues or backwards compatibility issues with `-mbranch-protection`? `-msign-return-address` is a legacy option. It looks like GCC 9 and newer have `-mbranch-protection`. GCC 9 or newer are...

My biggest concern with the current implementation of the idna module is the size of the UTS46 mapping table. The ``uts46data`` data file has almost 200kB. Importing the module consumes about...

I have implemented a PoC ``unicodedata.uts_remap`` function, https://github.com/python/cpython/compare/master...tiran:uts46_remap . The table is created with a modified ``tools/idna-data`` script.

TLS session resumption is tricky to use with TLS 1.2. IIRC clients should only use a ticket when the previous connection was closed and finalized without any protocol error. A...

The majority of servers at least supports TLS 1.3. There is no OpenSSL, BoringSSL or NSS version without TLS 1.3 support that is supported by upstream. OpenSSL 1.1.0+ invalidates session...

> I see two problems with this though. The first is that Python's own ssl binding is not supporting TLSv1.3 fully at this point, and a lot of servers are...

Applications and libraries should neither define their own crypto policy (TLS versions and cipher suite) nor should they ship with their own set of root CA certificates. Instead they should...