Python wrapper module around the OpenSSL library
Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.
High-level wrapper around a subset of the OpenSSL library. Includes
- SSL.Connection objects, wrapping the methods of Python’s portable sockets
- Callbacks written in Python
- Extensive error-handling mechanism, mirroring OpenSSL’s error codes
… and much more.
If you run into bugs, you can file them in our issue tracker.
We maintain a cryptography-dev mailing list for both user and development discussions.
You can also join #cryptography-dev on Freenode to ask questions or get involved.
- Drop support for Python 2.7. #1047
- The minimum cryptography version is now 35.0.
- The minimum cryptography version is now 3.3.
- Drop support for Python 3.5
- Raise an error when an invalid ALPN value is set. #993
- Added OpenSSL.SSL.Context.set_min_proto_version and OpenSSL.SSL.Context.set_max_proto_version to set the minimum and maximum supported TLS version #985.
- Updated to_cryptography and from_cryptography methods to support an upcoming release of cryptography without raising deprecation warnings. #1030
- Fixed compatibility with OpenSSL 1.1.0.
- The minimum cryptography version is now 3.2.
- Remove deprecated OpenSSL.tsafe module.
- Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
- Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.
- Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948
- Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943
- Added Context.set_keylog_callback to log key material. #910
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894.
- Make verification callback optional in Context.set_verify. If omitted, OpenSSL’s default verification is used. #933
- Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947
- Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814
- The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875
- Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820
Release history Release notifications | RSS feed
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Hashes for pyOpenSSL-22.0.0-py2.py3-none-any.whl