cryptography depends on the OpenSSL C library for all cryptographic operation. OpenSSL is the de facto standard for cryptographic libraries and provides high performance along with various certifications that may be relevant to developers.
A list of supported versions can be found in our /installation documentation.
In general the backend should be considered an internal implementation detail of the project, but there are some public methods available for debugging purposes.
cryptography.hazmat.backends.openssl.backend
openssl_version_text()
- return text
The friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against.
openssl_version_number()
1.8
- return int
The integer version of the loaded OpenSSL library. This is defined in
opensslv.hasOPENSSL_VERSION_NUMBERand is typically shown in hexadecimal (e.g.0x1010003f). This is not necessarily the same version as it was compiled against.
39.0.0
Users can set CRYPTOGRAPHY_OPENSSL_NO_LEGACY environment variable to disable the legacy provider in OpenSSL 3.x. This will disable legacy cryptographic algorithms, including Blowfish, CAST5, SEED, ARC4, and RC2 (which is used by some encrypted serialization formats).