Package: python3-cryptography Version: 42.0.5-2+b1 Followup-For: Bug #1078747
Hi, This was caused by the recent split of legacy providers from the main OpenSSL package. Installing openssl-provider-legacy "fixes" the error. These are the aloorithms considered "legacy": Hashing: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED KDF: PBKDF1, PVKKDF (From https://manpages.debian.org/bookworm/openssl/OSSL_PROVIDER-legacy.7ssl.en.html) Some of the software I tried works with setting CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1, because they obviously don't use any of the legacy algorithms... I wonder if this really needs to be a hard fail in Debian? Or do we want to patch every cryptography-using tool with a line like os.environ['CRYPTOGRAPHY_OPENSSL_NO_LEGACY'] = "1" to "promise" not to require the legacy ciphers? And every package which needs these ciphers must add a dependency on openssl-provider-legacy? I currently don't have a good solution. Making python3-cryptography depend on openssl-provider-legacy feels kinda wrong to me... Regargs, Tobias -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.10.4-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de:en_GB:en_US Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-cryptography depends on: ii libc6 2.39-7 ii libgcc-s1 14.2.0-2 ii libssl3t64 3.3.1-6 ii python3 3.12.5-1 ii python3-cffi-backend [python3-cffi-backend-api-min] 1.17.0-1 pn python3-cffi-backend-api-max <none> python3-cryptography recommends no packages. Versions of packages python3-cryptography suggests: pn python-cryptography-doc <none> pn python3-cryptography-vectors <none> -- no debconf information
