19

Trying to resolve an OpenSSL version issue I'm having.

It seems that I have three different versions of OpenSSL on my Mac.

  1. Python 2.7.11 has version 0.9.7m:

    python -c "import ssl; print ssl.OPENSSL_VERSION"
    OpenSSL 0.9.7m 23 Feb 2007
    
  2. At the Terminal:

    openssl version
    OpenSSL 1.0.1h 5 Jun 2014
    
  3. Recently Compiled / Installed:

    /usr/local/ssl/bin/openssl
    OpenSSL> version
    OpenSSL 1.0.2h  3 May 2016
    OpenSSL>
    

I recently upgraded my OS X to 10.11.5. In the process, it caused an issue for previously working Python scripts. Below is the error message snippet:

Python Error Message:

    You are linking against OpenSSL 0.9.8, which is no longer *
    RuntimeError: You are linking against OpenSSL 0.9.8, which is no longer support by the OpenSSL project. You need to upgrade to a newer version of OpenSSL.

(* - yes, this is what the error message looks like. It's trimmed in the middle of the sentence.)

Any recommendations on resolving this issue would be greatly appreciated. What I'd like is to have Python reference the OpenSSL version 1.0.2h vs the outdated version 0.9.7m.

I've tried installing Python and OpenSSL many times using various posts / blogs for guidance without any luck.

voromax
rdediana
  • "I've tried installing Python and OpenSSL many times using various posts / blogs for guidance without any luck" - then either the blog posts were wrong or did not match your OS X version or you did not follow the instructions properly. Unfortunately it is unknown what exactly went wrong without further details. And under these circumstances it does not make sense to add yet another description on how to install your own Python and OpenSSL. – Steffen Ullrich Jun 08 '16 at 04:59

2 Answers

17

Use this as a workaround:

    export CRYPTOGRAPHY_ALLOW_OPENSSL_098=1

This appears to be a recent check of the hazmat cryptography library. You can see the source code at:

https://github.com/pyca/cryptography/blob/master/src/cryptography/hazmat/bindings/openssl/binding.py#L221

The CRYPTOGRAPHY_ALLOW_OPENSSL_098 environment variable downgrades the error to a deprecation warning, if you are willing to take the risk. I also ran into this on OS X in just the past day, so something changed recently.

Greg Dubicki
braddock
  • it's worth noting that cryptography 1.3 was the last version to work un-aided with 0.9.8, and 1.4 is the last version that will work at all - https://github.com/pyca/cryptography/issues/2836 - "to allow disabling it for this one release". – keen Jun 08 '16 at 21:20
  • This should be the answer – avoliva Nov 18 '16 at 20:36
  • Use export CRYPTOGRAPHY_ALLOW_OPENSSL_100=1 if you are getting the error - You are linking against OpenSSL 1.0.0, which is no longer support by the OpenSSL project. You need to upgrade to a newer version of OpenSSL – Amit Jaiswal Jan 22 '17 at 12:01
10

You can install a version of Python that uses a newer version of OpenSSL.

First you can brew install a new version of OpenSSL:

    brew update
    brew install openssl
    brew link --force openssl

You should see a newer version with:

    openssl version -a

Then you can install a different version of Python which uses that newer version of OpenSSL. If you use pyenv, that would be:

    CFLAGS="-I$(brew --prefix openssl)/include" \
    LDFLAGS="-L$(brew --prefix openssl)/lib" \
    pyenv install -v 3.4.3

You can find more information about installing a version of Python with a brew-installed version of OpenSSL here: https://github.com/yyuu/pyenv/wiki/Common-build-problems

Jared
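
A check for which OpenSSL each component actually reports, useful after rebuilding Python as the second answer describes. This is an added example, not code from the answers or from the cryptography project; the function names and the 1.0.1 floor (inferred from the 0.9.8 and 1.0.0 errors quoted on this page) are assumptions.

```python
import re
import ssl
import subprocess

# Banner format as shown in the question: "OpenSSL 1.0.2h  3 May 2016"
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")
# Assumption: 1.0.1 is the oldest accepted release, since 0.9.8 and 1.0.0 are rejected.
FLOOR = (1, 0, 1, "")


def parse_openssl_version(banner):
    """Return (major, minor, fix, letters), or None for a non-OpenSSL banner."""
    m = _BANNER.search(banner)
    if m is None:
        return None  # e.g. a fork with its own banner; do not guess
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)


def is_older_than(banner, floor=FLOOR):
    """True/False if the banner sorts below the floor; None if unparseable."""
    version = parse_openssl_version(banner)
    return None if version is None else version < floor


def cli_banner(path):
    """Banner printed by an openssl binary, or None if it cannot be run."""
    try:
        out = subprocess.check_output([path, "version"])
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.decode("ascii", "replace").strip()


def report(binaries=("openssl", "/usr/local/ssl/bin/openssl")):
    """Rows of (source, banner, status) for this interpreter and each binary."""
    rows = [("python ssl module", ssl.OPENSSL_VERSION)]
    rows += [(path, cli_banner(path)) for path in binaries]
    labels = {None: "unrecognised banner", True: "below floor", False: "ok"}
    return [(src, b, "not runnable" if b is None else labels[is_older_than(b)])
            for src, b in rows]


if __name__ == "__main__":
    for source, banner, status in report():
        print("%-28s %-36s %s" % (source, banner, status))
```

Run it with the interpreter under test, since `ssl.OPENSSL_VERSION` describes only the interpreter executing the script. The cryptography package loads its own compiled binding, which this script does not inspect.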