PyOpenSSL

raw JSON →
26.0.0 verified Tue May 12 auth: no python install: verified quickstart: verified

PyOpenSSL is a Python wrapper around the OpenSSL library, providing a high-level interface for cryptographic operations. The current version is 26.0.0, with releases following a regular cadence to incorporate updates and fixes.

pip install pyopenssl

Common errors

error ModuleNotFoundError: No module named 'OpenSSL'
cause The pyopenssl library (which provides the OpenSSL package) is not installed or not accessible in the current Python environment.
fix
pip install pyopenssl
error OpenSSL.SSL.Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
cause The file or data provided for loading a certificate or private key does not contain valid PEM-encoded data, missing the expected 'BEGIN' line.
fix
Ensure the certificate or key data is correctly formatted as PEM, starting with -----BEGIN... and ending with -----END....
error TypeError: argument of type 'str' is not iterable
cause Functions like `OpenSSL.crypto.load_certificate` expect byte strings for certificate/key data, but a regular string was provided.
fix
Encode the certificate/key string to bytes before passing it: 
cert_string = "..."
cert_bytes = cert_string.encode('utf-8')
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_bytes)
error AttributeError: module 'OpenSSL.SSL' has no attribute 'TLSv1_2_METHOD'
cause Direct protocol methods like `TLSv1_2_METHOD` are deprecated in newer pyopenssl versions; use `TLS_METHOD` with explicit version settings.
fix
Use the generic TLS_METHOD and then set the minimum/maximum protocol versions on the context: 
context = OpenSSL.SSL.Context(OpenSSL.SSL.TLS_METHOD)
context.set_min_proto_version(OpenSSL.SSL.TLS1_2_VERSION)
context.set_max_proto_version(OpenSSL.SSL.TLS1_2_VERSION)

Warnings

breaking PyOpenSSL version 23.0.0 is incompatible with cryptography version 39.0.0 due to the removal of the 'x509' module.
fix Upgrade PyOpenSSL to a version compatible with cryptography 39.0.0 or later.
deprecated The 'load_pkcs12' function in PyOpenSSL is deprecated and may be removed in future versions.
fix Use alternative methods for handling PKCS12 files.

Install compatibility verified last tested: 2026-05-12

python os / libc status wheel install import disk
3.10 alpine (musl) - - 0.32s 33.7M
3.10 slim (glibc) - - 0.22s 34M
3.11 alpine (musl) - - 0.69s 36.2M
3.11 slim (glibc) - - 0.55s 37M
3.12 alpine (musl) - - 0.74s 28.0M
3.12 slim (glibc) - - 0.75s 28M
3.13 alpine (musl) - - 0.36s 27.2M
3.13 slim (glibc) - - 0.38s 28M
3.9 alpine (musl) - - 0.30s 33.9M
3.9 slim (glibc) - - 0.30s 34M

Imports

Quickstart verified last tested: 2026-04-23

This script demonstrates how to generate a new RSA key pair and create a self-signed certificate using PyOpenSSL.

from OpenSSL import crypto

# Generate a new RSA key pair
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, 2048)

# Create a self-signed certificate
cert = crypto.X509()
cert.set_version(2)
cert.set_serial_number(1000)
cert.get_subject().CN = 'example.com'
cert.set_issuer(cert.get_subject())
cert.set_pubkey(key)
cert.sign(key, 'sha256')

# Save the private key and certificate to files
with open('private_key.pem', 'wb') as key_file:
    key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))

with open('certificate.pem', 'wb') as cert_file:
    cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))

print('Private key and certificate have been generated and saved.')
last verified Tue May 12
next check Fri Jun 26