Sign up to save your podcasts
Or
Share Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.
Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY
Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl
Links:
- https://cryptography.io/en/latest/statements/state-of-openssl/
- Py Cryptography: https://cryptography.io
- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf
- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/
- https://packages.gentoo.org/packages/media-libs/libsdl
- https://www.youtube.com/watch?v=RUIguklWwx0
- https://datatracker.ietf.org/doc/rfc9180/
- https://docs.openssl.org/3.3/man3/OSSL_PARAM/
- https://openssl.foundation/
- https://github.com/openssl/openssl/issues/17064
- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny
- https://github.com/topazproject/topaz
- https://github.com/actions/runner/issues/1069
- https://crystalhotsauce.com/
- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
- https://en.wikipedia.org/wiki/Ship_of_Theseus
- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d
- https://www.ibm.com/products/open-sdk-for-rust-aix
- https://dadrian.io/blog/posts/corporate-support-xz/
- https://peps.python.org/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/
- https://go.dev/blog/fips140
- https://dadrian.io/blog/posts/roll-your-own-crypto/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)
View all episodes
By Deirdre Connolly, Thomas Ptacek, David Adrian
4.9
7979 ratings
The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.
Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY
Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl
Links:
- https://cryptography.io/en/latest/statements/state-of-openssl/
- Py Cryptography: https://cryptography.io
- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf
- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/
- https://packages.gentoo.org/packages/media-libs/libsdl
- https://www.youtube.com/watch?v=RUIguklWwx0
- https://datatracker.ietf.org/doc/rfc9180/
- https://docs.openssl.org/3.3/man3/OSSL_PARAM/
- https://openssl.foundation/
- https://github.com/openssl/openssl/issues/17064
- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny
- https://github.com/topazproject/topaz
- https://github.com/actions/runner/issues/1069
- https://crystalhotsauce.com/
- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
- https://en.wikipedia.org/wiki/Ship_of_Theseus
- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d
- https://www.ibm.com/products/open-sdk-for-rust-aix
- https://dadrian.io/blog/posts/corporate-support-xz/
- https://peps.python.org/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/
- https://go.dev/blog/fips140
- https://dadrian.io/blog/posts/roll-your-own-crypto/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)
More shows like Security Cryptography Whatever
View all
Freakonomics Radio
32,246 Listeners
Planet Money
30,609 Listeners
Hacked
187 Listeners
Security Now (Audio)
2,011 Listeners
WSJ Tech News Briefing
1,649 Listeners
The a16z Show
1,105 Listeners
Software Engineering Daily
626 Listeners
Risky Business
371 Listeners
The Quanta Podcast
544 Listeners
Darknet Diaries
8,077 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,254 Listeners
Dwarkesh Podcast
551 Listeners
Search Engine
4,599 Listeners
No Priors: Artificial Intelligence | Technology | Startups
150 Listeners
The 404 Media Podcast
398 Listeners