• [Python-announce] PyCA cryptography 37.0.0 released

    From Paul Kehrer@paul.l.kehrer@gmail.com to comp.lang.python.announce on Tue Apr 26 10:25:44 2022
    From Newsgroup: comp.lang.python.announce

    PyCA cryptography 37.0.0 has been released to PyPI. cryptography
    includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X509, key derivation functions, and much
    more. We support Python 3.6+, and PyPy3.

    Changelog (https://cryptography.io/en/latest/changelog/#v37-0-0):
    * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
    * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and
    3.0.x. The new minimum LibreSSL version is 3.1+.
    * BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the
    public key and private key classes. These methods were originally
    deprecated in version 2.0, but had an extended deprecation timeline
    due to usage. Any remaining users should transition to sign and
    verify.
    * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer
    supported by the OpenSSL project. The next release of cryptography
    will be the last to support compiling with OpenSSL 1.1.0.
    * Deprecated Python 3.6 support. Python 3.6 is no longer supported by
    the Python core team. Support for Python 3.6 will be removed in a
    future cryptography release.
    * Deprecated the current minimum supported Rust version (MSRV) of
    1.41.0. In the next release we will raise MSRV to 1.48.0. Users with
    the latest pip will typically get a wheel and not need Rust installed,
    but check Installation for documentation on installing a newer rustc
    if required.
    * Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy
    algorithms with extremely low usage. These will be removed in a future
    version of cryptography.
    * Added limited support for distinguished names containing a bit string.
    * We now ship universal2 wheels on macOS, which contain both arm64 and
    x86_64 architectures. Users on macOS should upgrade to the latest pip
    to ensure they can use this wheel, although we will continue to ship
    x86_64 specific wheels for now to ease the transition.
    * This will be the final release for which we ship manylinux2010
    wheels. Going forward the minimum supported manylinux ABI for our
    wheels will be manylinux2014. The vast majority of users will continue
    to receive manylinux wheels provided they have an up to date pip. For
    PyPy wheels this release already requires manylinux2014 for
    compatibility with binaries distributed by upstream.
    * Added support for multiple OCSPSingleResponse in a OCSPResponse.
    * Restored support for signing certificates and other structures in
    X.509 with SHA3 hash algorithms.
    * TripleDES is disabled in FIPS mode.
    * Added support for serialization of PKCS#12 CA friendly names/aliases
    in serialize_key_and_certificates()
    * Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This
    class previously supported only 12 byte (96 bit).
    * Added support for AESSIV when using OpenSSL 3.0.0+.
    * Added support for serializing PKCS7 structures from a list of
    certificates with serialize_certificates.
    * Added support for parsing RFC 4514 strings with from_rfc4514_string().
    * Added AUTO to PSS. This can be used to verify a signature where the
    salt length is not already known.
    * Added DIGEST_LENGTH to PSS. This constant will set the salt length
    to the same length as the PSS hash algorithm.
    * Added support for loading RSA-PSS key types with
    load_pem_private_key() and load_der_private_key(). This functionality
    is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA
    private key, discarding the PSS constraint information.

    -Paul Kehrer (reaperhulk)
    --- Synchronet 3.19c-Linux NewsLink 1.113