Drop support for OpenSSL 1.0.1 (#5178)

5 files changed, 6 insertions, 35 deletions

diff --git a/docs/faq.rst b/docs/faq.rst
index de131f67..38a895d8 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -82,24 +82,11 @@ Your ``pip`` and/or ``setuptools`` are outdated. Please upgrade to the latest
 versions with ``pip install -U pip setuptools`` (or on Windows
 ``python -m pip install -U pip setuptools``).
 
-Importing cryptography causes a ``RuntimeError`` about OpenSSL 1.0.1
---------------------------------------------------------------------
+Installing cryptography with OpenSSL 0.9.8, 1.0.0, 1.0.1 fails
+--------------------------------------------------------------
 
-The OpenSSL project has dropped support for the 1.0.1 release series. Since it
-is no longer receiving security patches from upstream, ``cryptography`` is also
-dropping support for it. To fix this issue you should upgrade to a newer
-version of OpenSSL (1.0.2 or later). This may require you to upgrade to a newer
-operating system.
-
-For the 2.9 release, you can set the ``CRYPTOGRAPHY_ALLOW_OPENSSL_101``
-environment variable. Please note that this is *temporary* and will be removed
-in ``cryptography`` 3.0.
-
-Installing cryptography with OpenSSL 0.9.8 or 1.0.0 fails
----------------------------------------------------------
-
-The OpenSSL project has dropped support for the 0.9.8 and 1.0.0 release series.
-Since they are no longer receiving security patches from upstream,
+The OpenSSL project has dropped support for the 0.9.8, 1.0.0, and 1.0.1 release
+series. Since they are no longer receiving security patches from upstream,
 ``cryptography`` is also dropping support for them. To fix this issue you
 should upgrade to a newer version of OpenSSL (1.0.2 or later). This may require
 you to upgrade to a newer operating system.
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst
index d31dcae2..56121cb5 100644
--- a/docs/hazmat/backends/openssl.rst
+++ b/docs/hazmat/backends/openssl.rst
@@ -3,7 +3,7 @@
 OpenSSL backend
 ===============
 
-The `OpenSSL`_ C library. Cryptography supports OpenSSL version 1.0.1 and
+The `OpenSSL`_ C library. Cryptography supports OpenSSL version 1.0.2 and
 greater.
 
 .. data:: cryptography.hazmat.backends.openssl.backend
diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst
index ac9ccedf..bc7ec2d9 100644
--- a/docs/hazmat/bindings/openssl.rst
+++ b/docs/hazmat/bindings/openssl.rst
@@ -6,7 +6,7 @@ OpenSSL binding
 .. currentmodule:: cryptography.hazmat.bindings.openssl.binding
 
 These are `CFFI`_ bindings to the `OpenSSL`_ C library. Cryptography supports
-OpenSSL version 1.0.1 and greater.
+OpenSSL version 1.0.2 and greater.
 
 .. class:: cryptography.hazmat.bindings.openssl.binding.Binding()
 
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 21d12a38..519e8c57 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -418,9 +418,6 @@ Modes
     :raises ValueError: This is raised if ``len(tag) < min_tag_length`` or the
         ``initialization_vector`` is too short.
 
-    :raises NotImplementedError: This is raised if the version of the OpenSSL
-        backend used is 1.0.1 or earlier.
-
     An example of securely encrypting and decrypting data with ``AES`` in the
     ``GCM`` mode looks like:
 
@@ -681,18 +678,12 @@ Interfaces
 
     .. method:: finalize_with_tag(tag)
 
-        .. note::
-
-            This method is not supported when compiled against OpenSSL 1.0.1.
-
         :param bytes tag: The tag bytes to verify after decryption.
         :return bytes: Returns the remainder of the data.
         :raises ValueError: This is raised when the data provided isn't
             a multiple of the algorithm's block size, if ``min_tag_length`` is
             less than 4, or if ``len(tag) < min_tag_length``.
             ``min_tag_length`` is an argument to the ``GCM`` constructor.
-        :raises NotImplementedError: This is raised if the version of the
-            OpenSSL backend used is 1.0.1 or earlier.
 
         If the authentication tag was not already supplied to the constructor
         of the :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` mode
diff --git a/docs/installation.rst b/docs/installation.rst
index 655adf2d..80b606c9 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -24,17 +24,10 @@ PyPy 5.4+ on these operating systems.
 We test compiling with ``clang`` as well as ``gcc`` and use the following
 OpenSSL releases:
 
-* ``OpenSSL 1.0.1``
-* ``OpenSSL 1.0.1e-fips`` (``RHEL/CentOS 7``)
-* ``OpenSSL 1.0.1f``
 * ``OpenSSL 1.0.2-latest``
 * ``OpenSSL 1.1.0-latest``
 * ``OpenSSL 1.1.1-latest``
 
-.. warning::
-    Cryptography 2.9 has dropped support for OpenSSL 1.0.1, see the
-    :doc:`FAQ </faq>` for more details
-
 Building cryptography on Windows
 --------------------------------