2025-10-07 –, Belvedere II/ Community, Contribution & the Future
For more than a decade, pyca/cryptography has been the most widely used cryptography library in the Python ecosystem, and for that entire period, we've relied on OpenSSL to provide core cryptographic algorithms, while also supporting various OpenSSL forks. However, we've also made changes to how we use OpenSSL in that period: we increasingly handle X.509 (including path building and parsing), as well as key parsing and serialization ourselves. This talk will cover lessons learned, and opportunity for improvement in OpenSSL, including API design, performance, and testing.
For more than a decade, pyca/cryptography has been the most widely used cryptography library in the Python ecosystem, and for that entire period, we've relied on OpenSSL to provide core cryptographic algorithms, while also supporting various OpenSSL forks. However, we've also made changes to how we use OpenSSL in that period: we increasingly handle X.509 (including path building and parsing), as well as key parsing and serialization ourselves. This talk will cover lessons learned, and opportunity for improvement in OpenSSL, including API design, performance, and testing.
Paul is a cryptographic security architect but also moonlights building AI datacenters. A founding member of the Python Cryptographic Authority, Paul has played a large part in the development of three major cryptographic libraries in Python since 2013. The principal library, pyca/cryptography, is the de facto standard cryptographic library in Python and depends heavily on OpenSSL and its forks. Paul has a focus on misuse resistant cryptography, both for developers and implementers, and deeply believes in the need for memory safety in foundational libraries.
Alex is a software resilience engineer. He's current a Member of the Technical Staff at Anthropic. He's previously served as Deputy Chief Technologist for the Federal Trade Commission, tech lead for Firefox sandboxing, among others. He's also a long time open source contributor, asa maintainer of the Python Cryptographic Authority, core developer of CPython and PyPy, creator of the project that became Rust in the Linux kernel, and many others. Alex is based in Washington, DC and likes bagels and delis.