Skip to content

Failed to create SSL context when FIPS enabled in python-cryptography #128931

New issue
New issue
Open
Open
Failed to create SSL context when FIPS enabled in python-cryptography#128931
Labels
extension-modulesC modules in the Modules dirpendingThe issue will be closed if no feedback is providedtopic-SSLtype-bugAn unexpected behavior, bug, or error
@akash0x53

Description

@akash0x53
akash0x53
opened on Jan 17, 2025

Bug report

Bug description:

Strange behviour seen on Windows Python (build from source & linked OpenSSL 3.0.14).

Platform: Windows (amd64)
Python version: 3.9.20
OpenSSL version: 3.0.14
Python cryptography version: 43.0.3

import os
os.environ["CRYPTOGRAPHY_OPENSSL_NO_LEGACY"] = "1"
os.environ["OPENSSL_CONF"] = r"C:\fips\openssl.cnf"
os.environ["OPENSSL_MODULES"] = r"C:\fips"

from cryptography.hazmat.bindings._rust import openssl as _rust_openssl
print("rust openssl=",_rust_openssl.is_fips_enabled())

from cryptography.hazmat.primitives.asymmetric import rsa
rsa.generate_private_key(public_exponent=65537, key_size=2048)

import ssl
ctx = ssl.SSLContext()

----- output ------

rust openssl= True
Traceback (most recent call last):
  File "C:\cygwin64\home\nshende1\flexsnap\ssl_bug.py", line 13, in <module>
    ctx = ssl.SSLContext()
  File "C:\cygwin64\home\nshende1\flexsnap\buildarea\pyenv\lib\ssl.py", line 484, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: LIBRARY_HAS_NO_CIPHERS] library has no ciphers (_ssl.c:3179)

CPython versions tested on:

3.9, 3.13

Operating systems tested on:

Windows

Metadata

Metadata

Assignees

No one assigned

    Labels

    extension-modulesC modules in the Modules dirpendingThe issue will be closed if no feedback is providedtopic-SSLtype-bugAn unexpected behavior, bug, or error

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions