Important things enabled by this upgrade:
- TLS 1.2 support. 1.2 is the current version of TLS standard. As previous versions are known to have issues and vulnerabilities, some sites aggressively disable old versions.
- SNI (Server Name Indication) support. (server_hostname parameter to ussl.wrap_socket() call). This is feature required to access virtual SSL hosts hosted on the same physical server (which is pretty common).
- Given the tendency of growing certificate sizes, TLS record buffer was grown to 5K from 4K. This should allow to establish connection with many more SSL sites - of course, at the expense of memory available to your application for anything else.
- No possible to stream SSL data (e.g. to download large files over SSL).
- No server certificate verification
- No client certificate support
Free free to share your experiences with the new version of module here.