Python SSL version 2.7 will be shut down on April 2, 2018. After this
date, an application using the SSL library will be blocked from deploying
unless you specify the SSL library
2.7.11 in the application
You must update to the latest SDK and re-deploy your app even if you specified
"latest" as the version of SSL in your
app.yaml, as described in the following
Migrating to version 2.7.11
To move to SSL version 2.7.11:
Update your SDK to get required updates:
If you use the Cloud SDK's
gcloudcommand line tool, update to the latest Cloud SDK version by invoking the command:
gcloud components update
If you use the App Engine Python SDK instead of the Cloud SDK, download the latest SDK version.
app.yamlfor all versions of your application as follows:
libraries: - name: ssl version: latest
If your application calls SSL APIs directly, migrate your application code as necessary to be compatible with SSL 2.7.11. If you use the SSL module using
urllib, or any other higher layer library without making direct SSL API calls, you should not need to modify your application code, but you should test to verify.
Deploy your application. This is required to pick up the new changes.
Making your app more secure
By default, the SSL
2.7.11 library does not validate certificates,
which may leave your app vulnerable, for example, to
man in the middle attacks.
Google recommends that you turn on certificate validation, following the
instructions provided in
Where to get help
If you run into any trouble migrating your application, and you have a support package, you can get help through your normal support channel. If you don't have a support package, you can get help through the support contact form.