Warn about possible slowness when using an older version of pyOpenSSL

[ghost]

This comment on #4278 suggests warning about possible slowness for older versions of pyOpenSSL.

I'd love to work on this, I'm just not sure which versions to warn about and would love input from some developers more experienced with the library.

[nateprewitt]

So I think @Lukasa or @sigmavirus24 may have a more definitive answer to this, but it looks like PyOpenSSL 16.0.0 was when the Cryptography>=1.0 requirement was put in place. From my understanding that's when the speed ups were implemented.

We already require Cryptography>=1.3.4 in both Requests and urllib3 though, so users entering this state are installing the PyOpenSSL requirement from another package. If we implement a warning, I think we should first check that PyOpenSSL is installed, and then if cryptography's version is less than 1.3.4.

[ghost]

so users entering this state are installing the PyOpenSSL requirement from another package. If we implement a warning, I think we should first check that PyOpenSSL is installed

Just to be clear, do you mean check that the OpenSSL module is available, or check specifically that the module is pyOpenSSL?

[nateprewitt]

@PrimordialHelios, I believe that PyOpenSSL is sufficient (and much easier to check). We don't import or use cryptography directly in Requests, so the urllib3 pyopenssl contrib module should be our only point of contact.

[nateprewitt]

This should be resolved with #4332 merged. Thanks again @PrimordialHelios!