Use of OpenSSL
cryptography
depends on the OpenSSL C library for all cryptographic
operation. OpenSSL is the de facto standard for cryptographic libraries and
provides high performance along with various certifications that may be
relevant to developers.
A list of supported versions can be found in our Installation documentation.
In general the backend should be considered an internal implementation detail of the project, but there are some public methods available for debugging purposes.
- cryptography.hazmat.backends.openssl.backend
- openssl_version_text()
- Return text:
The friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against.
- openssl_version_number()
New in version 1.8.
- Return int:
The integer version of the loaded OpenSSL library. This is defined in
opensslv.h
asOPENSSL_VERSION_NUMBER
and is typically shown in hexadecimal (e.g.0x1010003f
). This is not necessarily the same version as it was compiled against.
Legacy provider in OpenSSL 3.x
New in version 39.0.0.
Users can set CRYPTOGRAPHY_OPENSSL_NO_LEGACY
environment variable to
disable the legacy provider in OpenSSL 3.x. This will disable legacy
cryptographic algorithms, including Blowfish
, CAST5
, SEED
,
ARC4
, and RC2
(which is used by some encrypted serialization formats).