upgrade TLS 1.0 to TLS 1.2 on macOS

Question

I have troubles installing some python packages I believe because I have TLS 1.0 version. How do I upgrade to TLS 1.2?

python -c "import urllib2; import json; print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])"
TLS 1.0

My macOS version: 10.13.4 (17E202)
python version: Python 2.7.13
openssl version: LibreSSL 2.2.7

I tried to upgrade openssl, but it does not upgrade LibreSSL. I recall I was having some issue a year ago with openssl, I might have linked it manually or something :(

Answer 1

Even though brew downloaded new version of openssl, old one was used with command openssl. So I disabled csrutil to get rid of openssl symlink in /usr/bin/openssl:

sudo ln -s /usr/local/Cellar/openssl/1.0.2o_1/bin/openssl /usr/bin/openssl

then openssl version is the latest:

~ openssl version
OpenSSL 1.0.2o  27 Mar 2018

however python still uses old version of openssl:

~ python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 0.9.8zh 14 Jan 2016

So going to disable csrutil again and will continue with fixing python version.

I removed python2 installations I could find, more or less following this:

brew uninstall python@2
sudo rm -rf /Library/Frameworks/Python.framework/Versions/2.7
sudo rm -rf "/Applications/Python 2.7"
cd /usr/local/bin/
ls -l /usr/local/bin | grep '../Library/Frameworks/Python.framework/Versions/2.7' | awk '{print $9}' | tr -d @ | xargs rm

then I installed python2 through brew and it uses correct openssl:

~ brew install python@2
~ python -c "import urllib2,json; print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])"
TLS 1.2