https://www.openssl.org/news/secadv/20160922.txt

1.0.2i passes all tests of 2.7, 3.5-7 on Linux

Make that OpenSSL 1.0.2j with fix for CVE-2016-7052https://www.openssl.org/news/openssl-1.0.2-notes.html

We didn't get this into 3.6.0b2; needs to be in 3.6.0b3.

Hi, I updated the openssl version from 1.0.2h to 1.0.2j in build-installer.pyPlease let me know if this works.Thanks :)

New changesetc29045efd25e by Zachary Ware in branch '2.7':Issue#28248: Update Windows build to use OpenSSL 1.0.2jhttps://hg.python.org/cpython/rev/c29045efd25eNew changesetd7b9ce8ae79b by Zachary Ware in branch '3.4':Issue#28248: Update Windows build to use OpenSSL 1.0.2jhttps://hg.python.org/cpython/rev/d7b9ce8ae79bNew changeset5fa74d8c987b by Zachary Ware in branch '3.5':Issue#28248: Merge with 3.4https://hg.python.org/cpython/rev/5fa74d8c987bNew changesetcc5006dab787 by Zachary Ware in branch '3.6':Issue#28248: Merge with 3.5https://hg.python.org/cpython/rev/cc5006dab787New changesetfea9ff9e745d by Zachary Ware in branch 'default':Issue#28248: Merge with 3.6https://hg.python.org/cpython/rev/fea9ff9e745d

@zach maybe we can close this issue if you have updated openssl ?

The Mac installer still needs to be updated, which is Ned's department.

ok, thank you Zach for this comment.

New changeset33ad26897e30 by Ned Deily in branch '2.7':Issue#28248: Update macOS installer build to use OpenSSL 1.0.2j.https://hg.python.org/cpython/rev/33ad26897e30New changeseta8799a63feb7 by Ned Deily in branch '3.5':Issue#28248: Update macOS installer build to use OpenSSL 1.0.2j.https://hg.python.org/cpython/rev/a8799a63feb7New changesetc7e551f8c5d8 by Ned Deily in branch '3.6':Issue#28248: merge from 3.5https://hg.python.org/cpython/rev/c7e551f8c5d8New changeset9e66ffa7a791 by Ned Deily in branch 'default':Issue#28248: merge from 3.6https://hg.python.org/cpython/rev/9e66ffa7a791

Thanks for the patch, Mariatta.  Pushed for released in 2.7.13, 3.5.3, and 3.6.0b3.

From the changelog I interpreted this to mean that Python would now use OpenSSL 1.0.2j on macOS for it's ssl module.But this is not the case?On a fresh macOS Sierra VM I get:Python 2.7.13rc1 (v2.7.13rc1:4d6fd49eeb14, Dec  3 2016, 13:01:23) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwinType "help", "copyright", "credits" or "license" for more information.>>> import ssl>>> ssl.OPENSSL_VERSION'OpenSSL 0.9.8zh 14 Jan 2016'

@S Safihre. See the ReadMe included with the python.org 2.7.x installers.  (It is displayed at installation and a copy is installed to /Applications/Python 2.7/ReadMe.rtf)  As explained there, for 2.7.13rc1 as in recent previous 2.7.x releases, only the 10.5+ installer variant is linked with the private copy of OpenSSL; the 10.6+ installer uses the Apple-supplied system version.