1) I'm running Google App Engine SDK on Mac OS X El Capitan. I have Python 2.7.13
2) While trying to test my app with Stripe, I get the following error
Request req_ApPsfecKnLFJxb: Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.
3) I did some Googling and based on what I found, I did the following
a) Used brew to upgrade my OpenSSL
b) Confirmed that when I do 'which openssl', I get
/usr/local/opt/openssl/bin/openssl
and when I do 'openssl version', I get
OpenSSL 1.0.2l
c) If I do
import ssl
ssl.OPENSSL_VERSION, I get
'OpenSSL 1.0.2l 23 May 2017'
But I still get the error from Stripe about not using TLS 1.2.
I found this SO question but it didn't solve my problem. I also found thisGoogle Group Discussion and after running the steps in #5, it shows app engine is still pointing to the old version of OPENSSL because the output shows 'OpenSSL 0.9.8zh 14 Jan 2016'
How do I fix this? How do I get python or app engine to use the newer version of OpenSSL that I've installed?
I figured out the problem and my understanding is
1) GAE was still referring to the old python installation (the one that comes shipped with Mac). When I open the GAE Launcher, GAE > Preferences > Python Path is blank.
2) What I needed to do was force GAE to use the newly installed Python (the one I installed with Brew with the direction to use the upgraded OpenSSL). So I have now set GAE > Preferences > Python Path = /usr/local/bin/python.
Everything now works and running the code below from within GAE tells me my TLS is OKAY
import urllib2
r = urllib2.urlopen("https://howsmyssl.com/").read()
return r
Also running the code below now gives me the updated version of OpenSSL
import ssl
return ssl.OPENSSL_VERSION