absurdfarce commented on PR #1288: URL: https://github.com/apache/cassandra-python-driver/pull/1288#issuecomment-4427735615
Given the [analysis above](https://github.com/apache/cassandra-python-driver/pull/1288#issuecomment-4427650648) I'm not sure there's much benefit to hiding [the md5 import](https://github.com/apache/cassandra-python-driver/blob/3.30.0/cassandra/metadata.py#L22) in metadata.py behind any kind of logical gate. The evidence seems to suggest that import will succeed in all cases. Huh, and this sure is interesting: ``` $ OPENSSLDIR=~/local/openssl-3.1.2-fips/ssl LD_LIBRARY_PATH=/home/mersault/local/openssl-3.1.2-fips/lib ~/local/python-3.12.11-fips/bin/python3 Python 3.12.11 (main, May 11 2026, 22:01:52) [GCC 14.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from hashlib import md5 >>> foo = md5(usedforsecurity=False) >>> foo.update(b'abc') >>> foo.digest() b'\x90\x01P\x98<\xd2O\xb0\xd6\x96?}(\xe1\x7fr' >>> foo = md5() Traceback (most recent call last): File "<stdin>", line 1, in <module> _hashlib.UnsupportedDigestmodError: [digital envelope routines] unsupported ``` That seems to bolster your case @bschoening that just adding `usedforsecurity=False` goes a long way here. Hmmmm, if that does indeed hold up then that might be the only change we need here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
