Obnoxious CryptographyDeprecationWarning because of missing hmac.compare_time function everywhere
Solution 1
I hit this error for quite sometime. For my environment, it was a pain to upgrade Python to a higher version than 2.7.6. The easier solution was to downgrade cryptography module using pip:
pip2.7 install cryptography==2.2.2
I think the best solution is to upgrade your python version though
Solution 2
This answer is for Python3
I got here by looking for an answer while using Paramiko. For those still looking for a simple answer. I got these CryptographyDeprecationWarning suppresed with the these lines of code before importing Paramiko:
import warnings
warnings.filterwarnings(action='ignore',module='.*paramiko.*')
I hope this helps
Solution 3
If you want to be more selective about suppressing JUST that particular deprecation warning:
import warnings
from cryptography.utils import CryptographyDeprecationWarning
warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning)
Solution 4
I started getting this warning for a straightforward requests.get call. This warning is printed when the module cryptography.hazmat.primitives.constant_time is loaded, and so this should typically only come once per Python program. If you are seeing it many times, it must be because a Python program (like a utility) is getting executed multiple times. You just have to identify that program and add the below code to the main entry point:
import cryptography
from cryptography import utils
with warnings.catch_warnings():
warnings.simplefilter('ignore', cryptography.utils.DeprecatedIn23)
import cryptography.hazmat.primitives.constant_time
Solution 5
For Python3 only:
Per an apparent Paramiko update this worked for me and solve the similar problem/symptoms I was experiencing:
pip3 install --upgrade paramiko
This installed paramiko 2.6.0 on my system, replacing 2.4.2:
$ pip3 install --upgrade paramiko
[...]
Installing collected packages: paramiko
Found existing installation: paramiko 2.4.2
Uninstalling paramiko-2.4.2:
Successfully uninstalled paramiko-2.4.2
Successfully installed paramiko-2.6.0
$
My Python2 environment appears to be messed up, so I'm not able to test this on Python2.
Related videos on Youtube
07 : 07
24 : 09
02 : 55
01 : 57
08 : 03
10 : 37
03 : 54
00 : 48
09 : 40
12 : 03
04 : 07
19 : 19
Comments
-
Dustin Oprea over 2 years
Things were running along fine until one of my projects started printing this everywhere, at the top of every execution, at least once:
local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.I have no idea why it started and it's disrupting the applications'/tools' output, especially when it's being captured and consumed by other tools. Like many difficulties throughout time, I'm fairly certain it is related to
urlliband, by association,requests. Worse, I have so many projects and cross-dependencies that I can't possibly update all of the imports and branches with the call towarnings.filterwarnings()to suppress the warning.I have Python 2.7.6 . Apparently this goes away in 2.7.7 . Only, I have some systems that have 2.7.6 where I do not see the warnings. So, something may or may not be disabling them in one version and I might've inadvertently replaced it with another version.
My Ubuntu, Python, urllib, requests (with the security option), cryptography, and hmac are all identical versions/builds on systems that do print the warning and systems that do not.
There appears to be no relevant warnings or announcements online and it seems like any related project is static/stable by this point (even though 'hmac' can be installed via PIP, it hasn't changed in eight years).
-
AChampion over 5 yearsWhat version of thecryptographymodule do you have installed in the different environments. This warning was only added to the git repository early in 2018: github.com/pyca/cryptography/pull/4261. Can you pin the cryptography module to an older version - you would not get these warnings? I'm assuming you just have an older version of the module installed on the systems you are not getting the warning. -
Dustin Oprea over 5 yearsHmm. Well, 2.2.2 removes the warning for me, locally, but now my confusion is due to the fact that: a) I run all of my stuff out of virtualenvs and the cryptography package is absent and unimportable unless I install it through my install process. So, why is the one that my install process is installing producing the warning remotely but not locally. b) That said, I'm quite sure that when I've asked our devops team to update our provisioning for the servers, they did not tie it to a specific version. So, the servers should have latest,too. Ideas?
-
AChampion over 5 yearsSorry, no idea what your processes are so cannot answer why.
-
Dustin Oprea over 5 yearsI'm doing my best to spell them out for you. There's no magic to it. They're effectively just PIP-installs. I figured there was something that I must be missing.
-
-
Dustin Oprea over 5 yearsYeah, but sometimes it's out if your hands. This had worked for me, too. Tried all of the recent versions until it went away.
-
Dustin Oprea about 5 yearsThe original question is a general Python cryptography warning. It has nothing to do with Paramiko.
-
Vic Olvera about 5 years@DustinOprea understood, maybe I should clarify that Paramiko was throwing the CryptographyDeprecationWarning for me. Hence my answer. Apologies if is confusing.
-
Dustin Oprea about 5 yearsI'm just trying to mitigate the chance that observers would think this might be Paramiko specific. Anything that is throwing the warning is doing so due to the issue in the cryptography package that they're all using.
-
Steven Almeroth about 5 years
-
bitdancer almost 5 yearsshould import
warningsnotwarning -
Aleksandar Pavić almost 5 yearsTried your solution, but... AttributeError: 'module' object has no attribute 'DeprecatedIn23' -
haridsv almost 5 years@AleksandarPavić What version of Python are you using?
-
Dustin Oprea over 3 yearsI had tried reverse-engineering the whole thing in order to crack that code and arrive at just such a solution but got nowhere. This is useful to know.
-
oberstet about 3 yearsthanks a lot! putting this at the right place is the only way I could get rid of this log noise. -
Klas Š. about 2 yearsBoth
import cryptographyandfrom cryptography import <whatever>emit the deprecations warning for me, so I went forpython import warnings with warnings.catch_warnings(): warnings.simplefilter("ignore") import cryptographyAfter that you can import other modules depending oncryptography.
