Menu
Trying to resolve an OpenSSL version issue I'm having.
It seems that I have three different versions of OpenSSL on my Mac.
Python 2.7.11 has version 0.9.7m:
python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 0.9.7m 23 Feb 2007
At the Terminal:
openssl version
OpenSSL 1.0.1h 5 Jun 2014
Recently Compiled / Installed:
/usr/local/ssl/bin/openssl
OpenSSL> version
OpenSSL 1.0.2h 3 May 2016
OpenSSL>
I recently upgraded my OS X to 10.11.5. In the process, caused an issue for previously working python scripts. Below is the error message snippet:
Python Error Message:
You are linking against OpenSSL 0.9.8, which is no longer *
RuntimeError: You are linking against OpenSSL 0.9.8, which is no longer support by the OpenSSL project. You need to upgrade to a newer version of OpenSSL.
(* - yes, this is how the error message looks like. It's trimmed in the middle of the sentence.)
Any recommendations on resolving this issue would be greatly appreciated. What I'd like is to have Python reference the OpenSSL version 1.0.2h vs the outdated version 0.9.7m.
I've tried installing Python and OpenSSL many times using various post / blogs for guidance without any luck.
654
Currently Python versions 3.6 to 3.9 are compatible with OpenSSL 1.0. 2, 1.1. 0, and 1.1. 1.
Whether you are building apps for just macOS or for cross-platform, if your app is using OpenSSL for crypto-works, you will have to install OpenSSL library since macOS ships with LibreSSL. Furthermore, cross-platform cryptography in . Net Core and . Net 5 uses OpenSSL on macOS.
Use this as a workaround:
export CRYPTOGRAPHY_ALLOW_OPENSSL_098=1
This appears to be a recent check of the hazmat cryptography library. You can see the source code at:
https://github.com/pyca/cryptography/blob/master/src/cryptography/hazmat/bindings/openssl/binding.py#L221
The CRYPTOGRAPHY_ALLOW_OPENSSL_098 environment variable downgrades the error to a deprecation warning, if you are willing to take the risk. I also ran into this on OS X in just the past day, so something changed recently.
189
You can install a version of python that uses a newer version of openssl.
First you can brew install a new version of open SSL
brew update
brew install openssl
brew link --force openssl
You should see a newer version with
openssl version -a
Then you can install a different version of python which uses that newer version of openssl. If you use pyenv, that would be:
CFLAGS="-I$(brew --prefix openssl)/include" \
LDFLAGS="-L$(brew --prefix openssl)/lib" \
pyenv install -v 3.4.3
You can find more information about installing a version of python with a brew installed version of openssl here: https://github.com/yyuu/pyenv/wiki/Common-build-problems
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
