Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

Q: What's a light-year? A: One-third less calories than a regular year.


comp / comp.lang.python.announce / [Python-announce] PyCA cryptography 43.0.0 released

SubjectAuthor
o [Python-announce] PyCA cryptography 43.0.0 releasedPaul Kehrer

1
Subject: [Python-announce] PyCA cryptography 43.0.0 released
From: Paul Kehrer
Newsgroups: comp.lang.python.announce
Date: Sat, 20 Jul 2024 16:40 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!not-for-mail
From: paul.l.kehrer@gmail.com (Paul Kehrer)
Newsgroups: comp.lang.python.announce
Subject: [Python-announce] PyCA cryptography 43.0.0 released
Date: Sat, 20 Jul 2024 09:40:06 -0700
Lines: 51
Approved: python-announce-list@python.org
Message-ID: <CABj5TKRvXMrTTtNXgdKGcnxEqEvee2i53k8WDgWydK=Sf9xxYg@mail.gmail.com>
Reply-To: python-list@python.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Trace: news.uni-berlin.de 9cezs+j48e6V11Q6Qo3xGQNJHJ8grzKx+/1XPXZgVaYA==
Cancel-Lock: sha1:5Owp6VCRTevVIyF6ddFolw0QyqY= sha256:J6SdHz4L8DfHX5xuMHymxubKX2FZyVDATRbS//EmjE8=
Authentication-Results: mail.python.org; dkim=pass
reason="2048-bit key; unprotected key"
header.d=gmail.com header.i=@gmail.com header.b=W+jor4Zl;
dkim-adsp=pass; dkim-atps=neutral
X-Spam-Status: OK 0.001
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'windows,': 0.05; 'string':
0.07; 'datetime': 0.09; 'interfaces': 0.09; 'linux': 0.09;
'macos,': 0.09; 'module.': 0.09; 'moved': 0.09; 'properties':
0.09; 'rfc': 0.09; 'to:addr:python-announce-list': 0.09;
'supported': 0.15; '(rfc': 0.16; '3.8.': 0.16; 'algorithms': 0.16;
'algorithms,': 0.16; 'apis': 0.16; 'certificate.': 0.16;
'compiled': 0.16; 'cryptography': 0.16; 'digests,': 0.16;
'encryption': 0.16; 'follows': 0.16; 'functions,': 0.16;
'objects.': 0.16; 'objects:': 0.16; 'outdated': 0.16; 'parsing':
0.16; 'pypi.': 0.16; 'removed.': 0.16; 'shorter': 0.16;
'symmetric': 0.16; 'url:latest': 0.16; 'python': 0.16;
'exception': 0.22; 'to:no real name:2**1': 0.22; 'version': 0.23;
'certificate': 0.26; 'object': 0.26; 'signing': 0.26; 'sfxlen:2':
0.31; 'module': 0.31; 'context': 0.32; 'dropped': 0.32; 'empty':
0.32; 'message-id:@mail.gmail.com': 0.32; 'path': 0.33;
'received:google.com': 0.34; 'following': 0.35;
'from:addr:gmail.com': 0.35; 'request': 0.35; 'added': 0.39;
'use': 0.39; 'still': 0.40; 'both': 0.40; 'should': 0.40; 'skip:i
20': 0.62; 'verification': 0.62; 'skip:b 20': 0.63; 'public':
0.63; 'key': 0.64; 'skip:r 20': 0.64; 'validation': 0.64; 'less':
0.65; 'generally': 0.67; 'older': 0.70; 'longer': 0.71; 'low':
0.74; 'released': 0.75; 'skip:f 20': 0.75; 'client': 0.82;
'more.': 0.82; 'attribute': 0.84; 'backwards': 0.84; 'wheels':
0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1721493618; x=1722098418; darn=python.org;
h=content-transfer-encoding:to:subject:message-id:date:from
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=DmDcnHVlvnOiXGNjPSKwXKkMxU1HghftFlnnfLpiVS4=;
b=W+jor4ZliZAv41LWD2XkE80amwaTzz9xKFBHQIOMndURcwRV6zYdLdrq76r72pXP9T
bSzC58gjnDL1rULOcAhz592zSQp2GvaEyFtFSbqHI6m51f1vHjznhCf2JVeHR1n6QU9b
XNah68HsvkBRu82uB7ShmQVSbeWbtQgE5VSMoQvqeKAwwu8Nj1vdgbsQrW1aCvgjl7m5
1zS5BmObP4RLYb0O5cPb9D0Z/3MLwjIgv4R9eUOd+O70wXCEu0n4PeKxTJReJmjFZzwr
nMCDWtRV0hUqgy7va0PhWP/ZKISKnk5QBogNWttxJc4lBLN1gK+TBxj/uEzw3e6Dpk1u
jFuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1721493618; x=1722098418;
h=content-transfer-encoding:to:subject:message-id:date:from
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=DmDcnHVlvnOiXGNjPSKwXKkMxU1HghftFlnnfLpiVS4=;
b=QRtiuYFWs01mngt6LestmpNiimZ4zg0zkq2NJWpP+0KZPA/cBeOejOclEVrijdmZ2r
QCxek92N60W24kT4Z28Aw1fFsu6oqkpUtprF/paq5uPrG3K+aMIfUqK/QLKjZGpVz0bu
IkHkX31mM/aPJOAwdAanOHfSOi+S+NVveNXjj/vs3Z7OFaUtq1t70e41QWFoh56dtHRM
Wi5FUdopYeHDZdJHZyjT6s767hq8rp3EXK9EGz6kAiT7kmwJvNmSpn0hnLN5GkrKZz4D
iLVfwsWXJXl3JvXTYJVvW1pJkxLoU4Wzsm7w9ieoNTItKYwmi275vxI4xnh+1H5afmYA
Pf1A==
X-Forwarded-Encrypted: i=1; AJvYcCUW8OeSztdxZ5wxU7A4EtShXG3L35ErFaG6fr3ZkmKrKj9Jf9N+oNROnomdhVzEdhNo9E5WyavufhvC0ZEy9hccS0bpP/5OJiUaNxsm1pQ4
X-Gm-Message-State: AOJu0YyEllAPE1dk+GwnPG4akdSmNcF1R3CvzR4AraNee1c5aAZEw0Ta
TBug2BXnPvXMJ75rxVE3JXggTsGcryvqiNaUiOObCqblQ9DNRp2PFyyAmspILMqOP37/XvnmXbF
eAfPWvSIObQp1KZM6Ud1KeZMcs83uYslc
X-Google-Smtp-Source: AGHT+IHwrSYvUBUotSsGVvqGIZS8llcEliSU3dYjXCU5SPMV1gDb6NFKf8aHVppRLww/i1PWTjLrvhRORLYR+YfFblo=
X-Received: by 2002:a17:90b:1893:b0:2c8:f3b4:a3df with SMTP id
98e67ed59e1d1-2cd274ef9cbmr951747a91.42.1721493617436; Sat, 20 Jul 2024
09:40:17 -0700 (PDT)
X-MailFrom: paul.l.kehrer@gmail.com
X-Mailman-Rule-Hits: emergency
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-python-announce-list.python.org-0; header-match-python-announce-list.python.org-1; header-match-python-announce-list.python.org-2; header-match-python-announce-list.python.org-3; header-match-python-announce-list.python.org-4
Message-ID-Hash: WBXKKGVO765FBXOZNVPEWEFECTJDCPVU
X-Message-ID-Hash: WBXKKGVO765FBXOZNVPEWEFECTJDCPVU
X-Mailman-Approved-At: Sat, 20 Jul 2024 14:55:59 -0400
X-Mailman-Version: 3.3.10b1
Precedence: list
List-Id: Announcement-only list for the Python programming language <python-announce-list.python.org>
Archived-At: <https://mail.python.org/archives/list/python-announce-list@python.org/message/WBXKKGVO765FBXOZNVPEWEFECTJDCPVU/>
List-Archive: <https://mail.python.org/archives/list/python-announce-list@python.org/>
List-Help: <mailto:python-announce-list-request@python.org?subject=help>
List-Owner: <mailto:python-announce-list-owner@python.org>
List-Post: <mailto:python-announce-list@python.org>
List-Subscribe: <mailto:python-announce-list-join@python.org>
List-Unsubscribe: <mailto:python-announce-list-leave@python.org>
View all headers

PyCA cryptography 43.0.0 has been released to PyPI. cryptography
includes both high level recipes and low level interfaces to common
cryptographic algorithms such as symmetric ciphers, asymmetric
algorithms, message digests, X.509, key derivation functions, and much
more. We support Python 3.7+, and PyPy3 7.3.10+.

Changelog (https://cryptography.io/en/latest/changelog/#v43-0-0)
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has
been removed. Users on older version of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* generate_private_key() now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure, users
should generally use a key size of 2048-bits.
* serialize_certificates() now emits ASN.1 that more closely follows
the recommendations in RFC 2315.
* Added new Decrepit cryptography module which contains outdated and
insecure cryptographic primitives. CAST5, SEED, IDEA, and Blowfish,
which were deprecated in 37.0.0, have been added to this module. They
will be removed from the cipher module in 45.0.0.
* Moved TripleDES and ARC4 into Decrepit cryptography and deprecated
them in the cipher module. They will be removed from the cipher module
in 48.0.0.
* Added support for deterministic ECDSA (RFC 6979)
* Added support for client certificate verification to the X.509 path
validation APIs in the form of ClientVerifier, VerifiedClient, and
PolicyBuilder build_client_verifier().
* Added Certificate public_key_algorithm_oid and Certificate Signing
Request public_key_algorithm_oid to determine the
PublicKeyAlgorithmOID Object Identifier of the public key found inside
the certificate.
* Added invalidity_date_utc, a timezone-aware alternative to the naïve
datetime attribute invalidity_date.
* Added support for parsing empty DN string in from_rfc4514_string().
* Added the following properties that return timezone-aware datetime
objects: produced_at_utc(), revocation_time_utc(), this_update_utc(),
next_update_utc(), revocation_time_utc(), this_update_utc(),
next_update_utc(), These are timezone-aware variants of existing
properties that return naïve datetime objects.
* Added rsa_recover_private_exponent()
* Added reset_nonce() for altering the nonce of a cipher context
without initializing a new instance. See the docs for additional
restrictions.
* NameAttribute now raises an exception when attempting to create a
common name whose length is shorter or longer than RFC 5280 permits.
* Added basic support for PKCS7 encryption (including SMIME) via
PKCS7EnvelopeBuilder.

-Paul Kehrer (reaperhulk)

1

rocksolid light 0.9.8
clearnet tor