From aece5b3d47282beed31f7119e273b65816a0cf93 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 4 Apr 2020 17:08:08 -0400 Subject: Drop support for OpenSSL 1.0.1 (#5178) --- docs/faq.rst | 21 ++++----------------- docs/hazmat/backends/openssl.rst | 2 +- docs/hazmat/bindings/openssl.rst | 2 +- docs/hazmat/primitives/symmetric-encryption.rst | 9 --------- docs/installation.rst | 7 ------- 5 files changed, 6 insertions(+), 35 deletions(-) (limited to 'docs') diff --git a/docs/faq.rst b/docs/faq.rst index de131f67..38a895d8 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -82,24 +82,11 @@ Your ``pip`` and/or ``setuptools`` are outdated. Please upgrade to the latest versions with ``pip install -U pip setuptools`` (or on Windows ``python -m pip install -U pip setuptools``). -Importing cryptography causes a ``RuntimeError`` about OpenSSL 1.0.1 --------------------------------------------------------------------- +Installing cryptography with OpenSSL 0.9.8, 1.0.0, 1.0.1 fails +-------------------------------------------------------------- -The OpenSSL project has dropped support for the 1.0.1 release series. Since it -is no longer receiving security patches from upstream, ``cryptography`` is also -dropping support for it. To fix this issue you should upgrade to a newer -version of OpenSSL (1.0.2 or later). This may require you to upgrade to a newer -operating system. - -For the 2.9 release, you can set the ``CRYPTOGRAPHY_ALLOW_OPENSSL_101`` -environment variable. Please note that this is *temporary* and will be removed -in ``cryptography`` 3.0. - -Installing cryptography with OpenSSL 0.9.8 or 1.0.0 fails ---------------------------------------------------------- - -The OpenSSL project has dropped support for the 0.9.8 and 1.0.0 release series. -Since they are no longer receiving security patches from upstream, +The OpenSSL project has dropped support for the 0.9.8, 1.0.0, and 1.0.1 release +series. Since they are no longer receiving security patches from upstream, ``cryptography`` is also dropping support for them. To fix this issue you should upgrade to a newer version of OpenSSL (1.0.2 or later). This may require you to upgrade to a newer operating system. diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index d31dcae2..56121cb5 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -3,7 +3,7 @@ OpenSSL backend =============== -The `OpenSSL`_ C library. Cryptography supports OpenSSL version 1.0.1 and +The `OpenSSL`_ C library. Cryptography supports OpenSSL version 1.0.2 and greater. .. data:: cryptography.hazmat.backends.openssl.backend diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst index ac9ccedf..bc7ec2d9 100644 --- a/docs/hazmat/bindings/openssl.rst +++ b/docs/hazmat/bindings/openssl.rst @@ -6,7 +6,7 @@ OpenSSL binding .. currentmodule:: cryptography.hazmat.bindings.openssl.binding These are `CFFI`_ bindings to the `OpenSSL`_ C library. Cryptography supports -OpenSSL version 1.0.1 and greater. +OpenSSL version 1.0.2 and greater. .. class:: cryptography.hazmat.bindings.openssl.binding.Binding() diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 21d12a38..519e8c57 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -418,9 +418,6 @@ Modes :raises ValueError: This is raised if ``len(tag) < min_tag_length`` or the ``initialization_vector`` is too short. - :raises NotImplementedError: This is raised if the version of the OpenSSL - backend used is 1.0.1 or earlier. - An example of securely encrypting and decrypting data with ``AES`` in the ``GCM`` mode looks like: @@ -681,18 +678,12 @@ Interfaces .. method:: finalize_with_tag(tag) - .. note:: - - This method is not supported when compiled against OpenSSL 1.0.1. - :param bytes tag: The tag bytes to verify after decryption. :return bytes: Returns the remainder of the data. :raises ValueError: This is raised when the data provided isn't a multiple of the algorithm's block size, if ``min_tag_length`` is less than 4, or if ``len(tag) < min_tag_length``. ``min_tag_length`` is an argument to the ``GCM`` constructor. - :raises NotImplementedError: This is raised if the version of the - OpenSSL backend used is 1.0.1 or earlier. If the authentication tag was not already supplied to the constructor of the :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` mode diff --git a/docs/installation.rst b/docs/installation.rst index 655adf2d..80b606c9 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -24,17 +24,10 @@ PyPy 5.4+ on these operating systems. We test compiling with ``clang`` as well as ``gcc`` and use the following OpenSSL releases: -* ``OpenSSL 1.0.1`` -* ``OpenSSL 1.0.1e-fips`` (``RHEL/CentOS 7``) -* ``OpenSSL 1.0.1f`` * ``OpenSSL 1.0.2-latest`` * ``OpenSSL 1.1.0-latest`` * ``OpenSSL 1.1.1-latest`` -.. warning:: - Cryptography 2.9 has dropped support for OpenSSL 1.0.1, see the - :doc:`FAQ ` for more details - Building cryptography on Windows -------------------------------- -- cgit v1.2.3