HeadlinesBriefing favicon HeadlinesBriefing.com

OpenSSL 3 Problems Prompt pyca/cryptography Shift

Hacker News: Front Page •
×

Longtime Python cryptography maintainers Paul Kehrer and Alex Gaynor warn that OpenSSL's direction has created major problems for their library. They argue OpenSSL 3 introduced performance regressions, complex APIs, and insufficient testing, forcing the pyca/cryptography team to reconsider their dependency. Their critique follows years of reliance on OpenSSL for core algorithms.

OpenSSL 3's new OSSL_PARAM API and provider model added verbosity and overhead, making code harder to read and slower. The maintainers saw key parsing regressions so severe that moving X.509 and public key parsing to their own Rust code yielded dramatic speedups, proving better performance is practical without deep micro-optimizations.

Looking ahead, the team plans to reduce reliance on OpenSSL through several approaches, including expanding their Rust-based parsers. They believe OpenSSL's trajectory now requires either fundamental changes within OpenSSL itself or a strategic pivot by consumers. The community is watching to see if other major projects follow suit.