Deprecate OpenSSL<3 (#13213)

Author: alex

CHANGELOG.rst

@@ -9,6 +9,8 @@ Changelog
 .. note:: This version is not yet released and is under active development.
 
 * **BACKWARDS INCOMPATIBLE:** Support for Python 3.7 has been removed.
+* Support for OpenSSL < 3.0 is deprecated and will be removed in the next
+  release.
 * Removed the deprecated ``get_attribute_for_oid`` method on
   :class:`~cryptography.x509.CertificateSigningRequest`. Users should use
   :meth:`~cryptography.x509.Attributes.get_attribute_for_oid` instead.

src/cryptography/hazmat/bindings/openssl/binding.py

@@ -16,6 +16,7 @@
 from cryptography.exceptions import InternalError
 from cryptography.hazmat.bindings._rust import _openssl, openssl
 from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
+from cryptography.utils import CryptographyDeprecationWarning
 
 
 def _openssl_assert(ok: bool) -> None:
@@ -120,3 +121,17 @@ def _verify_package_version(version: str) -> None:
         UserWarning,
         stacklevel=2,
     )
+
+if (
+    not openssl.CRYPTOGRAPHY_IS_LIBRESSL
+    and not openssl.CRYPTOGRAPHY_IS_BORINGSSL
+    and not openssl.CRYPTOGRAPHY_IS_AWSLC
+    and not openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+):
+    warnings.warn(
+        "You are using OpenSSL < 3.0. Support for OpenSSL < 3.0 is deprecated "
+        "and will be removed in the next release. Please upgrade to OpenSSL "
+        "3.0 or later.",
+        CryptographyDeprecationWarning,
+        stacklevel=2,
+    )