3 files changed, 13 insertions, 0 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4cabaf7f..9a3e5b88 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -10,6 +10,9 @@ Changelog
 
 * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
   authenticated timestamp of a :doc:`Fernet </fernet>` token.
+* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
+  We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
+  ``cryptography`` release.
 
 .. _v2-2-2:
 
diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py
index 5a682ca9..0e987ea7 100644
--- a/src/cryptography/hazmat/primitives/constant_time.py
+++ b/src/cryptography/hazmat/primitives/constant_time.py
@@ -5,7 +5,9 @@
 from __future__ import absolute_import, division, print_function
 
 import hmac
+import warnings
 
+from cryptography import utils
 from cryptography.hazmat.bindings._constant_time import lib
 
 
@@ -17,6 +19,13 @@ if hasattr(hmac, "compare_digest"):
         return hmac.compare_digest(a, b)
 
 else:
+    warnings.warn(
+        "Support for your Python version is deprecated. The next version of "
+        "cryptography will remove support. Please upgrade to a 2.7.x "
+        "release that supports hmac.compare_digest as soon as possible.",
+        utils.DeprecatedIn23,
+    )
+
     def bytes_eq(a, b):
         if not isinstance(a, bytes) or not isinstance(b, bytes):
             raise TypeError("a and b must be bytes.")
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index 14909c66..3d45a771 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -22,6 +22,7 @@ class CryptographyDeprecationWarning(UserWarning):
 # cycle ends.
 PersistentlyDeprecated = CryptographyDeprecationWarning
 DeprecatedIn21 = CryptographyDeprecationWarning
+DeprecatedIn23 = CryptographyDeprecationWarning
 
 
 def _check_bytes(name, value):