• [Python-announce] PyCA cryptography 38.0.0 released

    From Paul Kehrer@paul.l.kehrer@gmail.com to comp.lang.python.announce on Wed Sep 7 08:05:55 2022
    From Newsgroup: comp.lang.python.announce

    PyCA cryptography 38.0.0 has been released to PyPI. cryptography
    includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X509, key derivation functions, and much
    more. We support Python 3.6+, and PyPy3.
    Changelog (https://cryptography.io/en/latest/changelog/#v38-0-0):
    * Final deprecation of OpenSSL 1.1.0. The next release of cryptography
    will drop support.
    * We no longer ship manylinux2010 wheels. Users should upgrade to the
    latest pip to ensure this doesn’t cause issues downloading wheels on
    their platform. We now ship manylinux_2_28 wheels for users on new
    enough platforms.
    * Updated the minimum supported Rust version (MSRV) to 1.48.0, from
    1.41.0. Users with the latest pip will typically get a wheel and not
    need Rust installed, but check Installation for documentation on
    installing a newer rustc if required.
    decrypt() and related methods now accept both str and bytes tokens.
    * Parsing CertificateSigningRequest restores the behavior of enforcing
    that the Extension critical field must be correctly encoded DER. See
    the issue for complete details.
    * Added two new OpenSSL functions to the bindings to support an
    upcoming pyOpenSSL release.
    * When parsing CertificateRevocationList and CertificateSigningRequest
    values, it is now enforced that the version value in the input must be
    valid according to the rules of RFC 2986 and RFC 5280.
    * Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version.
    * Added additional APIs to SignedCertificateTimestamp, including signature_hash_algorithm, signature_algorithm, signature, and
    extension_bytes.
    * Added tbs_precertificate_bytes, allowing users to access the
    to-be-signed pre-certificate data needed for signed certificate
    timestamp verification.
    * KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location.
    * Fixed RFC 4514 name parsing to reverse the order of the RDNs
    according to the section 2.1 of the RFC, affecting method from_rfc4514_string().
    * It is now possible to customize some aspects of encryption when
    serializing private keys, using encryption_builder().
    * Removed several legacy symbols from our OpenSSL bindings. Users of
    pyOpenSSL versions older than 22.0 will need to upgrade.
    * Added AES128 and AES256 classes. These classes do not replace AES
    (which allows all AES key lengths), but are intended for applications
    where developers want to be explicit about key length.
    -Paul Kehrer (reaperhulk)
    --- Synchronet 3.19c-Linux NewsLink 1.113