From paul.l.kehrer at gmail.com Mon Jul 20 18:40:00 2020
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Mon, 20 Jul 2020 17:40:00 -0500
Subject: [Cryptography-dev] PyCA cryptography 3.0 released
Message-ID:

PyCA cryptography 3.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 2.7, Python 3.5+, and PyPy.

Changelog (https://cryptography.io/en/latest/changelog/#v3-0):

* BACKWARDS INCOMPATIBLE: Removed support for passing an Extension instance to from_issuer_subject_key_identifier(), as per our deprecation policy.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed (2.9.1+ is still supported).
* BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
* BACKWARDS INCOMPATIBLE: RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).
* BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2. At the time there is no time table for actually dropping support, however we strongly encourage all users to upgrade their Python, as Python 2 no longer receives support from the Python core team.
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().

-Paul Kehrer (reaperhulk)