
Sign up to save your podcasts
Or


The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.
Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY
Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl
Links:
- https://cryptography.io/en/latest/statements/state-of-openssl/
- Py Cryptography: https://cryptography.io
- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf
- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/
- https://packages.gentoo.org/packages/media-libs/libsdl
- https://www.youtube.com/watch?v=RUIguklWwx0
- https://datatracker.ietf.org/doc/rfc9180/
- https://docs.openssl.org/3.3/man3/OSSL_PARAM/
- https://openssl.foundation/
- https://github.com/openssl/openssl/issues/17064
- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny
- https://github.com/topazproject/topaz
- https://github.com/actions/runner/issues/1069
- https://crystalhotsauce.com/
- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
- https://en.wikipedia.org/wiki/Ship_of_Theseus
- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d
- https://www.ibm.com/products/open-sdk-for-rust-aix
- https://dadrian.io/blog/posts/corporate-support-xz/
- https://peps.python.org/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/
- https://go.dev/blog/fips140
- https://dadrian.io/blog/posts/roll-your-own-crypto/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
By Deirdre Connolly, Thomas Ptacek, David Adrian4.9
7979 ratings
The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.
Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY
Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl
Links:
- https://cryptography.io/en/latest/statements/state-of-openssl/
- Py Cryptography: https://cryptography.io
- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf
- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/
- https://packages.gentoo.org/packages/media-libs/libsdl
- https://www.youtube.com/watch?v=RUIguklWwx0
- https://datatracker.ietf.org/doc/rfc9180/
- https://docs.openssl.org/3.3/man3/OSSL_PARAM/
- https://openssl.foundation/
- https://github.com/openssl/openssl/issues/17064
- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny
- https://github.com/topazproject/topaz
- https://github.com/actions/runner/issues/1069
- https://crystalhotsauce.com/
- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
- https://en.wikipedia.org/wiki/Ship_of_Theseus
- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d
- https://www.ibm.com/products/open-sdk-for-rust-aix
- https://dadrian.io/blog/posts/corporate-support-xz/
- https://peps.python.org/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/
- https://go.dev/blog/fips140
- https://dadrian.io/blog/posts/roll-your-own-crypto/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

32,267 Listeners

30,678 Listeners

189 Listeners

2,008 Listeners

1,648 Listeners

1,099 Listeners

624 Listeners

373 Listeners

546 Listeners

8,108 Listeners

10,224 Listeners

551 Listeners

4,551 Listeners

140 Listeners

400 Listeners