From info at egenix.com Mon Mar 7 11:07:32 2016 From: info at egenix.com (eGenix Team: M.-A. Lemburg) Date: Mon, 7 Mar 2016 17:07:32 +0100 Subject: [pyOpenSSL-Users] ANN: eGenix pyOpenSSL Distribution 0.13.14 Message-ID: <56DDA744.5010103@egenix.com> ________________________________________________________________________ ANNOUNCING eGenix.com pyOpenSSL Distribution Version 0.13.14 An easy-to-install and easy-to-use distribution of the pyOpenSSL Python interface for OpenSSL - available for Windows, Mac OS X and Unix platforms This announcement is also available on our web-site for online reading: http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.14.html ________________________________________________________________________ INTRODUCTION The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy-to-use installer that includes the most recent OpenSSL library versions in pre-compiled form, making your application independent of OS provided OpenSSL libraries: http://www.egenix.com/products/python/pyOpenSSL/ pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS- aware network applications as well as certificate management tools: https://launchpad.net/pyopenssl/ OpenSSL is an open-source implementation of the SSL/TLS protocol: http://www.openssl.org/ ________________________________________________________________________ NEWS This new release of the eGenix.com pyOpenSSL Distribution includes the following updates: New in OpenSSL -------------- * Updated included OpenSSL libraries from OpenSSL 1.0.1r to 1.0.1s. See https://www.openssl.org/news/secadv/20160301.txt ?for a complete list of changes. The following fixes are relevant for pyOpenSSL applications: - CVE-2016-0800 (DROWN attack) A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. As additional result of this attack, the default OpenSSL configuration no longer includes the SSLv2 protocol support starting with 1.0.1s. - Several low priority issues related to memory leaks. * Disabled SSLv2 support in all our OpenSSL library builds (no-ssl2). * Disabled TLS compression in all our OpenSSL library builds (no-comp). This may lead to problems with other libraries that still expect to find these APIs. pyOpenSSL itself does not use them. * Updated the Mozilla CA root bundle to version 2016-03-01. Nothing much changed, except the date of the bundle file. Please see the product changelog for the full set of changes. http://www.egenix.com/products/python/pyOpenSSL/changelog.html pyOpenSSL / OpenSSL Binaries Included ------------------------------------- In addition to providing sources, we make binaries available that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows, Linux, Mac OS X and FreeBSD, for x86 and x64. To simplify installation, we have uploaded a web installer to PyPI which will automatically choose the right binary for your platform, so a simple pip install egenix-pyopenssl will get you the package with OpenSSL libraries installed. Please see our installation instructions for details: http://www.egenix.com/products/python/pyOpenSSL/#Installation We have also added .egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier. ________________________________________________________________________ DOWNLOADS The download archives and instructions for installing the package can be found at: http://www.egenix.com/products/python/pyOpenSSL/ ________________________________________________________________________ UPGRADING Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs. _______________________________________________________________________ SUPPORT Commercial support for these packages is available from eGenix.com. Please see http://www.egenix.com/services/support/ for details about our support offerings. ________________________________________________________________________ MORE INFORMATION For more information about the eGenix pyOpenSSL Distribution, licensing and download instructions, please visit our web-site or write to sales at egenix.com. About eGenix (http://www.egenix.com/): eGenix is a Python software project, consulting and product company delivering expert services and professional quality products for companies, Python users and developers. We specialize in database driven applications, large scale software designs and integration. Enjoy, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Mar 07 2016) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> Python Database Interfaces ... http://products.egenix.com/ >>> Plone/Zope Database Interfaces ... http://zope.egenix.com/ ________________________________________________________________________ 2016-02-19: Released eGenix PyRun 2.1.2 ... http://egenix.com/go88 ::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/ From hs at ox.cx Sat Mar 19 07:29:28 2016 From: hs at ox.cx (Hynek Schlawack) Date: Sat, 19 Mar 2016 12:29:28 +0100 Subject: [pyOpenSSL-Users] pyOpenSSL 16.0.0 released Message-ID: On behalf of PyCA ? the Python Cryptography Authority ? I?m anxious to announce that after almost a year since the 0.15.1 release of pyOpenSSL we?ve released the brand new 16.0.0. A few organizational notes: 1. The pyopenssl-users mailing list and #pyopenssl IRC channel are deprecated. Please use cryptography-dev and #cryptography-dev on Freenode where you?re much more likely to get help. 2. The version scheme switched to CalVer because a 0.x version for a 15 years old project is rather odd and calling it 1.0 although we don?t expect a 2.0 to ever happen didn?t make any sense. pyOpenSSL is a long-running project with strict backward-compatibility requirements and is hence better served with a calendar-based version scheme. 3. Please note that some of us will be doing a TLS/HTTPS workshop at PyCon US 2016 so if you always wanted to learn about these things first hand, make sure to sign up: . We've opted to receive no compensation and asked the organizers to send them to PyLadies instead. So you?ll be doing good while learning something! *** Release details: While the list of changes looks short, a lot internal work happened: 72 files changed, 15511 insertions(+), 15063 deletions(-) We?ve done our best to not break any existing applications; including by making the urllib3 and Twisted test suites part of our CI. The full changelog can be found at . This is the first release under full stewardship of PyCA. We have made many changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to py.test, all CI test runs are part of tox and the source code has been made fully flake8 compliant. We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. Backward-incompatible changes: ? Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency cryptography. Affected users should upgrade to Python 3.3 or later. Deprecations: ? The support for EGD has been removed. The only affected function OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead. Please see pyca/cryptography#1636 for more background information on this decision. In accordance with our backward compatibility policy OpenSSL.rand.egd() will be removed no sooner than a year from the release of 16.0.0. Please note that you should use urandom for all your secure random number needs. ? Python 2.6 support has been deprecated. Our main dependency cryptography deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does. Changes: ? Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, OpenSSL.SSL.Connection.renegotiate_pending, and OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since 0.14. #422 ? Fixed segmentation fault when using keys larger than 4096-bit to sign data. #428 ? Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called before setting any app data. #304 ? Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects that represent public keys, and OpenSSL.crypto.load_publickey() to load such objects from serialized representations. #382 ? Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to a string buffer. #368 ? Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding state_string_long. #358 ? Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv() and OpenSSL.SSL.Connection.recv_into(). #294 ? Added OpenSSL.SSL.Connection.get_protocol_version() and OpenSSL.SSL.Connection.get_protocol_version_name(). #244 ? Switched to utf8string mask by default. OpenSSL formerly defaulted to a T61String if there were UTF-8 characters present. This was changed to default to UTF8String in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234 *** For PyCA, Hynek Schlawack -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: