PyCA cryptography 2.1 released

Paul Kehrer paul.l.kehrer at gmail.com
Wed Oct 11 09:18:08 EDT 2017


PyCA cryptography 2.1 has been released to PyPI. cryptography includes both
high level recipes and low level interfaces
to common cryptographic algorithms such as symmetric ciphers, message
digests, and key derivation functions. We support Python 2.6-2.7, Python
3.4+, and PyPy.

NOTE: This release contains a backwards incompatible change that was not
part of a deprecation cycle. Before upgrading p

Changelog (https://cryptography.io/en/latest/changelog/#v2-1)

* FINAL DEPRECATION Python 2.6 support is deprecated, and will be removed
in the next release of cryptography.
* BACKWARDS INCOMPATIBLE: Whirlpool, RIPEMD160, and UnsupportedExtension
have been removed in accordance with our API stability policy.
* BACKWARDS INCOMPATIBLE: DNSName.value, UniformResourceIndicator.value,
and RFC822Name.value will now return an A-label string when parsing a
certificate containing an internationalized domain name (IDN) or if the
caller passed a U-label to the constructor. See below for additional
deprecations related to this change.
* Installing cryptography now requires pip 6 or newer.
* Deprecated passing U-label strings to the DNSName,
UniformResourceIdentifier, and RFC822Name constructors. Instead, users
should pass values as A-label strings with idna encoding if necessary. This
change will not affect anyone who is not processing internationalized
domains.
* Added support for ChaCha20. In most cases users should choose
ChaCha20Poly1305 rather than using this unauthenticated form.
* Added is_signature_valid() to CertificateRevocationList.
* Support BLAKE2b and BLAKE2s with HMAC.
* Added support for XTS mode for AES.
* Added support for using labels with OAEP when using OpenSSL 1.0.2 or
greater.
* Improved compatibility with NSS when issuing certificates from an issuer
that has a subject with non-UTF8String string types.
* Add support for the DeltaCRLIndicator extension.
* Add support for the TLSFeature extension. This is commonly used for
enabling OCSP Must-Staple in certificates.
* Add support for the FreshestCRL extension.

Thanks to all the contributors in this release.

-Paul Kehrer (reaperhulk)


More information about the Python-announce-list mailing list