From 6e445678efea9f4c73aca70e517ed83666072eda Mon Sep 17 00:00:00 2001
From: Landon Gilbert-Bland <lbland@instructure.com>
Date: Sat, 4 Aug 2018 08:06:04 -0600
Subject: [PATCH] Require cryptography >= 2.3

This is in response to https://nvd.nist.gov/vuln/detail/CVE-2018-10903
---
 requirements.txt | 2 +-
 setup.py         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b37105ff..530368b1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ certifi==2018.4.16
 cffi==1.11.5
 chardet==3.0.4
 click==6.7
-cryptography==2.2.2
+cryptography==2.3
 docutils==0.14
 Flask==1.0
 Flask-Sphinx-Themes==1.0.2
diff --git a/setup.py b/setup.py
index 2fda23b7..f601157e 100644
--- a/setup.py
+++ b/setup.py
@@ -34,7 +34,7 @@
           'PyJWT',
       ],
       extras_require={
-        'asymmetric_crypto':  ["cryptography"]
+        'asymmetric_crypto':  ["cryptography >= 2.3"]
       },
       classifiers=[
         'Development Status :: 5 - Production/Stable',