I’ve just compiled Python 3.9.6 with our OpenSSL 1.1.1k. But compilation fails with an error unless I specify -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 (I just used both, no idea whether SSLv2 is even in the library). I did not find anything regarding this in the release notes or so, and I generally do not want old SSL versions, but I would like Python to compile without my having to look into the source code and tweaking the build process for such a fairly standard situation. Would it be feasible to just claim that the next version of Python would categorically not support such old versions of SSL, or alternatively, make it compile either way?
Also, I know this is not the tracker, but I’m not sure whether “my case” is good enough to warrant an entry in there. Please advise.