Hi everyone,
There's a known issue with Twisted + PyOpenSSL>=0.13 using OpenSSL version 1.0.2f. Please note, this only potentially affects you if:
- You use Windows or OS X -- Cryptography 1.2.2's wheels have a bundled 1.0.2f.
OR
- You use a Linux or FreeBSD distribution which has OpenSSL 1.0.2f. If you are using a released distribution of Ubuntu or Debian, you most likely have a *patched* (so, still secure) past version (like Ubuntu 15.10, which has a patched 1.0.2d). If you are using Fedora 23, you may have 1.0.2f. You can check by running "openssl version".
There is also an unrelated issue with CFFI that causes Cryptography 1.2 wheels for Windows/OS X to cause CPython to crash on interpreter shutdown.
The current highest working Cryptography version that causes a test suite pass is 1.2.2 on Linux with OpenSSL versions other than 1.0.2f, 1.1.2 on Windows & OS X without an unreleased CFFI patch, and 1.2.1 once the CFFI patch is released. Our Windows and OS X builders have their Cryptography dependencies pinned to 1.1.2 until these problems are solved.
Please note, this doesn't mean your applications may or may not work in practice with OpenSSL 1.0.2f! It just means the test suite does not pass, so we can't be absolutely sure that 1.0.2f will not cause problems for you. The latest patched versions of OpenSSL are strongly recommended from a security standpoint.
The relevant issues are:
- Make tests pass on 1.0.2f (Twisted,
https://twistedmatrix.com/trac/ticket/8189)
- Crash during interpreter shutdown when using static callbacks (CFFI,
https://bitbucket.org/cffi/cffi/issues/246/crash-during-interpreter-shutdown-when)