From 6e1ab76c65d3ef227ca4fe37aa7932f60f502f0e Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@eff.org>
Date: Wed, 6 Jan 2021 12:33:43 -0800
Subject: [PATCH] update min cryptography version

---
 acme/setup.py                | 2 +-
 certbot/setup.py             | 2 +-
 tools/oldest_constraints.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/acme/setup.py b/acme/setup.py
index 17a5af8d3..006a1e6ee 100644
--- a/acme/setup.py
+++ b/acme/setup.py
@@ -11,7 +11,7 @@ version = '1.12.0.dev0'
 install_requires = [
     # load_pem_private/public_key (>=0.6)
     # rsa_recover_prime_factors (>=0.8)
-    'cryptography>=1.2.3',
+    'cryptography>=2.1.4',
     # formerly known as acme.jose:
     # 1.1.0+ is required to avoid the warnings described at
     # https://github.com/certbot/josepy/issues/13.
diff --git a/certbot/setup.py b/certbot/setup.py
index ea87d2301..6195c5f39 100644
--- a/certbot/setup.py
+++ b/certbot/setup.py
@@ -41,7 +41,7 @@ install_requires = [
     # in which we added 2.6 support (see #2243), so we relax the requirement.
     'ConfigArgParse>=0.9.3',
     'configobj',
-    'cryptography>=1.2.3',  # load_pem_x509_certificate
+    'cryptography>=2.1.4',
     'distro>=1.0.1',
     # 1.1.0+ is required to avoid the warnings described at
     # https://github.com/certbot/josepy/issues/13.
diff --git a/tools/oldest_constraints.txt b/tools/oldest_constraints.txt
index 5d1446005..987cbf99c 100644
--- a/tools/oldest_constraints.txt
+++ b/tools/oldest_constraints.txt
@@ -43,7 +43,6 @@ google-api-python-client==1.5.5
 # Our setup.py constraints
 apacheconfig==0.3.2
 cloudflare==1.5.1
-cryptography==1.2.3
 parsedatetime==1.3
 pyparsing==1.5.5
 python-digitalocean==1.11
@@ -56,6 +55,7 @@ funcsigs==0.4
 zope.hookable==4.0.4
 
 # Ubuntu Bionic constraints.
+cryptography==2.1.4
 distro==1.0.1
 # Lexicon oldest constraint is overridden appropriately on relevant DNS provider plugins
 # using their local-oldest-requirements.txt