| single |
========================================================
pyOpenSSL -- A Python wrapper around the OpenSSL library
========================================================
:alt: Stable Docs
**Note:** The Python Cryptographic Authority **strongly suggests** the use
of `pyca/cryptography`_
where possible. If you are using pyOpenSSL for anything other than making a
TLS connection
**you should move to cryptography and drop your pyOpenSSL dependency**.
High-level wrapper around a subset of the OpenSSL library. Includes
* ``SSL.Connection`` objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes
... and much more.
You can find more information in the documentation_.
Development takes place on GitHub_.
Discussion
==========
If you run into bugs, you can file them in our `issue tracker`_.
We maintain a cryptography-dev_ mailing list for both user and development
discussions.
You can also join ``#pyca on irc.libera.chat`` to ask questions or get
involved.
.. _documentation: https://pyopenssl.org/
.. _`issue tracker`: https://github.com/pyca/pyopenssl/issues
.. _cryptography-dev:
https://mail.python.org/mailman/listinfo/cryptography-dev
.. _GitHub: https://github.com/pyca/pyopenssl
.. _`pyca/cryptography`: https://github.com/pyca/cryptography
Release Information
===================
26.2.0 (2026-05-04)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed deprecated ``OpenSSL.crypto.X509Extension``,
``OpenSSL.crypto.X509Req.add_extension``,
``OpenSSL.crypto.X509Req.get_extensions``,
``OpenSSL.crypto.X509.add_extension``,
``OpenSSL.crypto.X509.get_extensions``. ``cryptography.x509`` should be
used instead.
- It is now an error to calling any mutating method on
``OpenSSL.SSL.Context after it has been used to create a Connection``. This
was previously deprecated and has always been unsafe.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Maximum supported cryptography version is now 48.x.
- Added ``OpenSSL.SSL.Connection.set_options`` to set options on a
per-connection basis.
26.1.0 (2026-04-24)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Maximum supported cryptography version is now 47.x.
- Fixed X509Name field setters to correctly pass the value length to
OpenSSL. Previously, values containing NUL bytes would be silently
truncated, causing a divergence between the stored ASN.1 value and the
value visible from Python. Credit to **BudongJW** for reporting the issue.
**CVE-2026-40475**
26.0.0 (2026-03-15)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Dropped support for Python 3.7.
- The minimum cryptography version is now 46.0.0.
Deprecations:
|