• [Python-announce] PyCA cryptography 39.0.0 released

    From Paul Kehrer@paul.l.kehrer@gmail.com to comp.lang.python.announce on Mon Jan 2 11:19:45 2023
    From Newsgroup: comp.lang.python.announce

    PyCA cryptography 39.0.0 has been released to PyPI. cryptography
    includes both high level recipes and low level interfaces to common
    cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X509, key derivation functions, and much
    more. We support Python 3.6+, and PyPy3.

    Changelog (https://cryptography.io/en/latest/changelog/#v39-0-0):
    * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.1.0 has been removed.
    Users on older versions of OpenSSL will need to upgrade. Note that
    this does not affect users of our wheels.
    * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.5. The new
    minimum LibreSSL version is 3.5.0. Going forward our policy is to
    support versions of LibreSSL that are available in versions of OpenBSD
    that are still receiving security support.
    * BACKWARDS INCOMPATIBLE: Removed the encode_point and
    from_encoded_point methods on EllipticCurvePublicNumbers, which had
    been deprecated for several years. public_bytes()
    and from_encoded_point() should be used instead.
    * BACKWARDS INCOMPATIBLE: Support for using MD5 or SHA1 in
    CertificateBuilder, other X.509 builders, and PKCS7 has been removed.
    * BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.10 and 10.11;
    macOS users must upgrade to 10.12 or newer.
    * ANNOUNCEMENT: The next version of cryptography (40.0) will change
    the way we link OpenSSL. This will only impact users who build
    cryptography from source (i.e., not from a wheel), and specify their
    own version of OpenSSL. For those users, the CFLAGS, LDFLAGS, INCLUDE,
    LIB, and CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS environment variables will
    no longer be respected. Instead, users will need to configure their
    builds as documented here.
    * Added support for disabling the legacy provider in OpenSSL 3.0.x.
    * Added support for disabling RSA key validation checks when loading
    RSA keys via load_pem_private_key(), load_der_private_key(), and
    private_key(). This speeds up key loading but is unsafe if you are
    loading potentially attacker supplied keys.
    * Significantly improved performance for ChaCha20Poly1305 when
    repeatedly calling encrypt or decrypt with the same key.
    * Added support for creating OCSP requests with precomputed hashes
    using add_certificate_by_hash().
    * Added support for loading multiple PEM-encoded X.509 certificates
    from a single input via load_pem_x509_certificates().

    -Paul Kehrer (reaperhulk)
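
A migration sketch for the removed EllipticCurvePublicNumbers point methods, added here as an example and not taken from the announcement or the PyCA project: it uses the replacements the changelog names, public_bytes() and from_encoded_point() on EllipticCurvePublicKey, and shows that a tampered encoding is rejected on decode. The curve choice (P-256), the fixed private scalar and the helper names encode_point, decode_point and demo are assumptions made for the example.

```python
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

CURVE = ec.SECP256R1()  # assumption: P-256; any supported curve works


def encode_point(public_key, compressed=False):
    """Stand-in for the removed EllipticCurvePublicNumbers.encode_point()."""
    fmt = (PublicFormat.CompressedPoint if compressed
           else PublicFormat.UncompressedPoint)
    return public_key.public_bytes(Encoding.X962, fmt)


def decode_point(data, curve=CURVE):
    """Stand-in for EllipticCurvePublicNumbers.from_encoded_point().

    Returns a public key, or None when the bytes are not a valid point
    on the curve (the library raises ValueError in that case).
    """
    try:
        return ec.EllipticCurvePublicKey.from_encoded_point(curve, data)
    except ValueError:
        return None


def demo():
    # Constructed sample key: fixed private scalar so results are repeatable.
    public_key = ec.derive_private_key(0x1234567, CURVE).public_key()

    uncompressed = encode_point(public_key)       # 0x04 || X || Y
    compressed = encode_point(public_key, True)   # 0x02/0x03 || X

    # Both encodings must decode back to the same point.
    round_trip_ok = all(
        decode_point(blob).public_numbers() == public_key.public_numbers()
        for blob in (uncompressed, compressed)
    )

    # Flip one bit of Y: the point is no longer on the curve.
    tampered = uncompressed[:-1] + bytes([uncompressed[-1] ^ 1])
    return {
        "uncompressed_len": len(uncompressed),
        "compressed_len": len(compressed),
        "round_trip_ok": round_trip_ok,
        "tampered_rejected": decode_point(tampered) is None,
        "empty_rejected": decode_point(b"") is None,
    }


if __name__ == "__main__":
    print(demo())
```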