Python SSL Version 2.7 Shutdown

Python SSL version 2.7 will be shut down on April 2, 2018. After this date, an application using the SSL library will be blocked from deploying unless you specify the SSL library latest or 2.7.11 in the application app.yaml file.

You must update to the latest SDK and re-deploy your app even if you specified "latest" as the version of SSL in your app.yaml, as described in the following migration section.

Migrating to version 2.7.11

To move to SSL version 2.7.11:

  1. Update your SDK to get required updates:

    • If you use the Cloud SDK's gcloud command line tool, update to the latest Cloud SDK version by invoking the command:

      gcloud components update

    • If you use the App Engine Python SDK instead of the Cloud SDK, download the latest SDK version.

  2. Update the app.yaml for all versions of your application as follows:

    - name: ssl
      version: latest
  3. If your application calls SSL APIs directly, migrate your application code as necessary to be compatible with SSL 2.7.11. If you use the SSL module using httplib, urllib, or any other higher layer library without making direct SSL API calls, you should not need to modify your application code, but you should test to verify.

  4. Deploy your application. This is required to pick up the new changes.

Making your app more secure

By default, the SSL 2.7.11 library does not validate certificates, which may leave your app vulnerable, for example, to man in the middle attacks. Google recommends that you turn on certificate validation, following the instructions provided in Validating certificates.

Where to get help

If you run into any trouble migrating your application, and you have a support package, you can get help through your normal support channel. If you don't have a support package, you can get help through the support contact form.