[Python-announce] PyCA cryptography 35.0.0 released

48 views
Skip to first unread message

Paul Kehrer

unread,
Sep 30, 2021, 2:20:31 AMSep 30
to
PyCA cryptography 35.0.0 has been released to PyPI. cryptography
includes both high level recipes and low level interfaces to common
cryptographic algorithms such as symmetric ciphers, asymmetric
algorithms, message digests, X509, key derivation functions, and much
more.
We support Python 3.6+, and PyPy3.

Changelog (https://cryptography.io/en/latest/changelog/#v35-0-0):
* Changed the version scheme. This will result in us incrementing the
major version more frequently, but does not change our existing
backwards compatibility policy.
* BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer
allows negative serial numbers. RFC 5280 has always prohibited these.
* BACKWARDS INCOMPATIBLE: Invalid ASN.1 found during X.509 parsing
will raise an error on initial parse rather than when the invalid
field is accessed.
* Rust is now required for building cryptography, the
CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer
respected.
* Parsers for X.509 no longer use OpenSSL and have been rewritten in
Rust. This should be backwards compatible (modulo the items listed
above) and improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for SM3 and SM4, when using OpenSSL 1.1.1. These
algorithms are provided for compatibility in regions where they may be
required, and are not generally recommended.
* We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to
our manylinux2010 and manylinux2014 wheels. Users on distributions
like Alpine Linux should ensure they upgrade to the latest pip to
correctly receive wheels.
* Added rfc4514_attribute_name attribute to x509.NameAttribute.
* Added KBKDFCMAC.

-Paul Kehrer (reaperhulk)
Reply all
Reply to author
Forward
0 new messages