Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
Security Cryptography Whatever • February 2, 2026 • 1h 12m

Why It Matters

OpenSSL’s dominance in the cryptographic ecosystem means its shortcomings affect millions of Python applications; a more flexible backend model can reduce security risks and maintenance burdens. This transition signals a pivotal change for developers who rely on pyca/cryptography for secure, performant code, making the episode essential for anyone building or maintaining security‑critical Python software.

Key Takeaways

  • The cryptography library ships pre‑compiled wheels for all major platforms.
  • OpenSSL 3's provider design caused severe performance slowdowns.
  • The cryptography team reimplemented HPKE to get consistent behavior across OpenSSL forks.
  • The provider APIs' internal locking added concurrency complexity and led to RCU bugs.
  • The Python Cryptographic Authority's libraries sit beneath millions of Python packages worldwide.

Pulse Analysis

The Python cryptography library has become the de‑facto standard for secure Python development, largely because it distributes binary wheels for every major operating system and CPU architecture. These pre‑compiled packages spare developers from building the bindings against whatever OpenSSL happens to be installed locally, a process that was once fraught with version and header mismatches. With its low‑level bindings written in Rust over OpenSSL's C API, the library offers a reliable, high‑performance foundation that integrates seamlessly with popular tools like Requests, Certbot, and cloud‑native CLIs.

When OpenSSL 3 arrived, its new provider architecture introduced a cascade of performance regressions. Parsing simple structures such as elliptic‑curve public keys became up to eight times slower, and the added indirection through provider look‑ups generated excessive allocations, locking, and RCU overhead. The cryptography maintainers measured a 60 % speed boost by moving public‑key parsing to their own Rust code, highlighting how the provider model’s complexity directly impacts real‑world workloads like X.509 path validation. These findings underscore why many developers view OpenSSL 3’s design as a step backward for latency‑sensitive applications.

Faced with inconsistent behavior across OpenSSL forks—LibreSSL, BoringSSL, AWS‑LC—the cryptography team chose to implement HPKE (Hybrid Public Key Encryption) themselves, leveraging OpenSSL’s primitive APIs while guaranteeing uniform functionality. This decision also sidesteps provider‑related bugs and concurrency pitfalls, such as RCU‑related race conditions that can surface when new providers are added at runtime. By controlling critical primitives, the Python Cryptographic Authority maintains a stable security surface, ensuring that millions of downstream packages inherit predictable, performant cryptographic operations without relying on the volatile internals of OpenSSL’s evolving provider system.
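The HPKE decision above is the kind of thing the library's hazmat layer makes possible: build the RFC 9180 construction from primitives every backend agrees on, rather than calling a fork-specific high-level API. The block below is an added example written for this page; it is not pyca/cryptography's own HPKE code and not code from the episode. It implements HPKE base mode with the ciphersuite DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM using only pyca/cryptography hazmat primitives (X25519, HMAC, HKDFExpand, AESGCM). The helper names (labeled_extract, Context, setup_base_s, setup_base_r, rfc9180_a1_vector, tamper_demo) follow the RFC's pseudocode but are this example's own; the fixed keys and strings inside rfc9180_a1_vector are the RFC's Appendix A.1.1 test vector, and tamper_demo uses freshly generated keys.

```python
# Added example, not pyca/cryptography's own HPKE code: RFC 9180 HPKE base mode with
# DHKEM(X25519, HKDF-SHA256) / HKDF-SHA256 / AES-128-GCM, built only from hazmat primitives.
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import x25519
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDFExpand
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

KEM_ID, KDF_ID, AEAD_ID = 0x0020, 0x0001, 0x0001  # RFC 9180 section 7 registry values
NSECRET, NK, NN, NH = 32, 16, 12, 32  # KEM shared secret, AEAD key, AEAD nonce, hash length
KEM_SUITE = b"KEM" + KEM_ID.to_bytes(2, "big")
HPKE_SUITE = b"HPKE" + b"".join(i.to_bytes(2, "big") for i in (KEM_ID, KDF_ID, AEAD_ID))

def hkdf_extract(salt, ikm):
    # RFC 5869: an absent salt means HashLen zero bytes (HMAC zero-pads a short key anyway).
    h = hmac.HMAC(salt or b"\x00" * NH, hashes.SHA256())
    h.update(ikm)
    return h.finalize()

def hkdf_expand(prk, info, length):
    return HKDFExpand(algorithm=hashes.SHA256(), length=length, info=info).derive(prk)

def labeled_extract(suite, salt, label, ikm):
    return hkdf_extract(salt, b"HPKE-v1" + suite + label + ikm)

def labeled_expand(suite, prk, label, info, length):
    return hkdf_expand(prk, length.to_bytes(2, "big") + b"HPKE-v1" + suite + label + info, length)

def _raw(pk):
    return pk.public_bytes(Encoding.Raw, PublicFormat.Raw)

def _kem_secret(dh, kem_context):
    eae_prk = labeled_extract(KEM_SUITE, b"", b"eae_prk", dh)
    return labeled_expand(KEM_SUITE, eae_prk, b"shared_secret", kem_context, NSECRET)

def encap(pk_r, sk_e=None):
    """DHKEM Encap. sk_e is injectable only so the RFC test vector can be reproduced."""
    sk_e = sk_e or x25519.X25519PrivateKey.generate()
    enc = _raw(sk_e.public_key())
    return _kem_secret(sk_e.exchange(pk_r), enc + _raw(pk_r)), enc

def decap(enc, sk_r):
    pk_e = x25519.X25519PublicKey.from_public_bytes(enc)
    return _kem_secret(sk_r.exchange(pk_e), enc + _raw(sk_r.public_key()))

class Context:
    """Base-mode key schedule (RFC 9180 section 5.1) plus Seal/Open with the sequence counter."""

    def __init__(self, shared_secret, info):
        psk_id_hash = labeled_extract(HPKE_SUITE, b"", b"psk_id_hash", b"")
        info_hash = labeled_extract(HPKE_SUITE, b"", b"info_hash", info)
        ks_context = b"\x00" + psk_id_hash + info_hash  # mode_base is 0x00
        secret = labeled_extract(HPKE_SUITE, shared_secret, b"secret", b"")  # psk is empty
        self.key = labeled_expand(HPKE_SUITE, secret, b"key", ks_context, NK)
        self.base_nonce = labeled_expand(HPKE_SUITE, secret, b"base_nonce", ks_context, NN)
        self.exporter_secret = labeled_expand(HPKE_SUITE, secret, b"exp", ks_context, NH)
        self.seq = 0
        self._aead = AESGCM(self.key)

    def _nonce(self):
        if self.seq >= (1 << (8 * NN)) - 1:
            raise OverflowError("HPKE MessageLimitReached")
        return bytes(a ^ b for a, b in zip(self.base_nonce, self.seq.to_bytes(NN, "big")))

    def seal(self, aad, pt):
        ct = self._aead.encrypt(self._nonce(), pt, aad)
        self.seq += 1
        return ct

    def open(self, aad, ct):
        pt = self._aead.decrypt(self._nonce(), ct, aad)  # InvalidTag here leaves seq unchanged
        self.seq += 1
        return pt

def setup_base_s(pk_r, info, sk_e=None):
    shared_secret, enc = encap(pk_r, sk_e)
    return enc, Context(shared_secret, info)

def setup_base_r(enc, sk_r, info):
    return Context(decap(enc, sk_r), info)

def rfc9180_a1_vector():
    """Run RFC 9180 Appendix A.1.1 (base mode) with the RFC's fixed keys; returns hex strings."""
    sk_e = x25519.X25519PrivateKey.from_private_bytes(bytes.fromhex(
        "52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736"))
    sk_r = x25519.X25519PrivateKey.from_private_bytes(bytes.fromhex(
        "4612c550263fc8ad58375df3f557aac531d26850903e55a9f23f21d8534e8ac8"))
    info = b"Ode on a Grecian Urn"
    enc, sender = setup_base_s(sk_r.public_key(), info, sk_e)
    receiver = setup_base_r(enc, sk_r, info)
    ct0 = sender.seal(b"Count-0", b"Beauty is truth, truth beauty")
    return {"enc": enc.hex(), "key": sender.key.hex(), "base_nonce": sender.base_nonce.hex(),
            "ct0": ct0.hex(), "pt0": receiver.open(b"Count-0", ct0).decode()}

def tamper_demo():
    """Fresh keys: one flipped ciphertext byte must fail to open and must not advance seq."""
    sk_r = x25519.X25519PrivateKey.generate()
    enc, sender = setup_base_s(sk_r.public_key(), b"demo")
    receiver = setup_base_r(enc, sk_r, b"demo")
    ct = bytearray(sender.seal(b"", b"hello"))
    ct[0] ^= 0x01
    try:
        receiver.open(b"", bytes(ct))
        return False, receiver.seq
    except InvalidTag:
        return True, receiver.seq
```

Two design points worth noticing: every derivation goes through the labeled extract/expand wrappers with the suite identifier baked in, so a key derived for one ciphersuite cannot be confused with another; and Open advances the sequence counter only after the tag verifies, so a forged message cannot desynchronize the receiver. Running rfc9180_a1_vector() against the RFC's Appendix A.1.1 values is the interoperability check a maintainer would keep in CI when the primitives underneath come from different OpenSSL forks.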

Episode Description

The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, after many years of trying to make it work, they announced that pyca/cryptography would be moving away from OpenSSL when supporting new functionality and would explore adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.

Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY

Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl

Links:

  • https://cryptography.io/en/latest/statements/state-of-openssl/

  • Py Cryptography: https://cryptography.io

  • https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf

  • https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/

  • https://packages.gentoo.org/packages/media-libs/libsdl

  • https://www.youtube.com/watch?v=RUIguklWwx0

  • https://datatracker.ietf.org/doc/rfc9180/

  • https://docs.openssl.org/3.3/man3/OSSL_PARAM/

  • https://openssl.foundation/

  • https://github.com/openssl/openssl/issues/17064

  • https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny

  • https://github.com/topazproject/topaz

  • https://github.com/actions/runner/issues/1069

  • https://crystalhotsauce.com/

  • https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467

  • https://en.wikipedia.org/wiki/Ship_of_Theseus

  • https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d

  • https://www.ibm.com/products/open-sdk-for-rust-aix

  • https://dadrian.io/blog/posts/corporate-support-xz/

  • https://peps.python.org/

  • https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/

  • https://go.dev/blog/fips140

  • https://dadrian.io/blog/posts/roll-your-own-crypto/

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
