# HG changeset patch # User Alex Gaynor <alex.gaynor@gmail.com> # Date 1595300337 14400 # Mon Jul 20 22:58:57 2020 -0400 # Node ID 4c316f2913660d4e150ac1150466be36a0f07e54 # Parent 84ae4f2ed5ae1fe90a9b9060c38b76afafaf534b fixes #5321 -- deprecate support for OpenSSL 1.0.2 (#5333) diff --git a/CHANGELOG.rst b/CHANGELOG.rst --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,11 @@ .. note:: This version is not yet released and is under active development. +* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by + the OpenSSL project. At this time there is no time table for dropping + support, however we strongly encourage all users to upgrade or install + ``cryptography`` from a wheel. + .. _v3-0: 3.0 - 2020-07-20 diff --git a/docs/installation.rst b/docs/installation.rst --- a/docs/installation.rst +++ b/docs/installation.rst @@ -29,6 +29,10 @@ * ``OpenSSL 1.1.0-latest`` * ``OpenSSL 1.1.1-latest`` +.. warning:: + + Cryptography 3.1 has deprecated support for OpenSSL 1.0.2. + Building cryptography on Windows -------------------------------- diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -66,6 +66,7 @@ static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I; +static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_110; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE; diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -7,6 +7,7 @@ import collections import threading import types +import warnings import cryptography from cryptography import utils 
@@ -153,6 +154,19 @@ _openssl_assert(cls.lib, res == 1) +def _verify_openssl_version(lib): + if ( + lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + and not lib.CRYPTOGRAPHY_IS_LIBRESSL + ): + warnings.warn( + "OpenSSL version 1.0.2 is no longer supported by the OpenSSL " + "project, please upgrade. A future version of cryptography will " + "drop support for it.", + utils.CryptographyDeprecationWarning, + ) + + def _verify_package_version(version): # Occasionally we run into situations where the version of the Python # package does not match the version of the shared object that is loaded. @@ -182,3 +196,5 @@ # condition registering the OpenSSL locks. On Python 3.4+ the import lock # is per module so this approach will not work. Binding.init_static_locks() + +_verify_openssl_version(Binding.lib)
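Review bot: `_verify_openssl_version` has no docstring or comment explaining why LibreSSL is excluded, so the `and not lib.CRYPTOGRAPHY_IS_LIBRESSL` clause looks arbitrary to a reader of this function alone. The definition of `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` is outside this diff; if it also evaluates true on LibreSSL builds, a comment above the `if` such as `# LESS_THAN_110 is also set on LibreSSL, which this deprecation does not cover` would record that. The message names only 1.0.2 while the flag covers everything below 1.1.0, which is accurate only if 1.0.2 is the oldest version the bindings still build against, and that is worth confirming.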
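Review bot: The new module-level call `_verify_openssl_version(Binding.lib)` runs at import time, so any process that promotes warnings to errors (`-W error` or `warnings.simplefilter("error")`) will fail to import the binding on OpenSSL 1.0.2 instead of only being told to upgrade. If that is the intended behaviour, say so next to the call, e.g. `# Runs at import; with warnings-as-errors this makes the import fail on OpenSSL 1.0.2.`, and mention it in the changelog entry so operators on an end-of-life OpenSSL are not surprised. The changeset as shown adds no test that the warning is emitted when `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` is set and suppressed for LibreSSL; one using a stub `lib` object would pin both branches.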