Do we care about Python 3.9 at this point? Frequently for in-tree tools we use python_for_regen as the base version, or the previous stable release (e.g. 3.12 at present).

Yes, we care because of security branches I'd say. Also, there are still distros with Pyhton 3.9 as its default I think (I mean, my default Python in OpenSUSE was Python 3.6!). But generally, it's to limit to "simple" Python when possible.

True, but e.g. for backports to 3.9 we would run against the version of Tools/ssl/multissltests.py in the 3.9 branch? We should add a comment explaining why we care about all non EOL versions, though.

True, but e.g. for backports to 3.9 we would run against the version of Tools/ssl/multissltests.py in the 3.9 branch?

That's... a good question. I would have said "yes", but now I'm not entirely sure. Maybe not?

Ah actually, we do:

    def run_python_tests(self, tests, network=True):
        if not tests:
            cmd = [
                sys.executable,
                os.path.join(PYTHONROOT, 'Lib/test/ssltests.py'),
                '-j0'
            ]
        elif sys.version_info < (3, 3):
            cmd = [sys.executable, '-m', 'test.regrtest']
        else:
            cmd = [sys.executable, '-m', 'test', '-j0']
        if network:
            cmd.extend(['-u', 'network', '-u', 'urlfetch'])
        cmd.extend(['-w', '-r'])
        cmd.extend(tests)
self._subprocess_call(cmd, stdout=None)

So for executing the tests, we're really re-using the python interpreter that was used to generate the scripts, so we need to run the tests against the correct interpreter version.

@WillChilds-Klein could you update run_python_tests() in this PR to remove the 3.3 block & use long options to regrtest? -w -> --rerun & -r -> --randomize