Obnoxious CryptographyDeprecationWarning because of missing hmac.compare_time function everywhere

Dustin Oprea picture Dustin Oprea · Aug 10, 2018 · Viewed 28.4k times · Source

Things were running along fine until one of my projects started printing this everywhere, at the top of every execution, at least once:

local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.

I have no idea why it started and it's disrupting the applications'/tools' output, especially when it's being captured and consumed by other tools. Like many difficulties throughout time, I'm fairly certain it is related to urllib and, by association, requests. Worse, I have so many projects and cross-dependencies that I can't possibly update all of the imports and branches with the call to warnings.filterwarnings() to suppress the warning.

I have Python 2.7.6 . Apparently this goes away in 2.7.7 . Only, I have some systems that have 2.7.6 where I do not see the warnings. So, something may or may not be disabling them in one version and I might've inadvertently replaced it with another version.

My Ubuntu, Python, urllib, requests (with the security option), cryptography, and hmac are all identical versions/builds on systems that do print the warning and systems that do not.

There appears to be no relevant warnings or announcements online and it seems like any related project is static/stable by this point (even though 'hmac' can be installed via PIP, it hasn't changed in eight years).

Answer

mbenhalima picture mbenhalima · Sep 18, 2018

I hit this error for quite sometime. For my environment, it was a pain to upgrade Python to a higher version than 2.7.6. The easier solution was to downgrade cryptography module using pip:

pip2.7 install cryptography==2.2.2

I think the best solution is to upgrade your python version though