Cryptography issues after upgrading to Python 3.12.2

I’m running Raspbian bookworm and HA Core in a venv.
Starting HA 2024.4 Python 3.12 is needed, I am now running Python 3.11.6.
Having tried the upgrade a month ago already but failing, I reverted back to HA 2023.3.1 with Python 3.11.6.
Today I wanted to retry the upgrade, but failed again. This is what happened (followed the guide Upgrading HomeAssistant Core in a Python VE - #9 by romanovj):

  1. I downloaded the Python 3.12.2 tgz from the official source
  2. ./configure --enable-optimizations
  3. make -j4
  4. sudo make altinstall
    => python3.12 --version tells me: Python 3.12.2
  5. sudo mv /srv/homeassistant /srv/homeassistant-old
  6. sudo mkdir /srv/homeassistant
  7. sudo python3.12 -m venv /srv/homeassistant
  8. (as homeassistant in venv) pip3 install homeassistant
    => all dependencies build and install successfully
    => rust compiler for building: (installed using rustup)
stable-arm-unknown-linux-gnueabihf (default)
rustc 1.77.2 (25ef9e3d8 2024-04-09)

=> running hass returns the following:

Traceback (most recent call last):
  File "/srv/homeassistant/bin/hass", line 8, in <module>                                                                                                                
  File "/srv/homeassistant/lib/python3.12/site-packages/homeassistant/", line 174, in main
    args = get_arguments()                                                                                                                                               
  File "/srv/homeassistant/lib/python3.12/site-packages/homeassistant/", line 82, in get_arguments 
    from . import config as config_util
  File "/srv/homeassistant/lib/python3.12/site-packages/homeassistant/", line 27, in <module>
    from . import auth
  File "/srv/homeassistant/lib/python3.12/site-packages/homeassistant/auth/", line 13, in <module>
    import jwt
  File "/srv/homeassistant/lib/python3.12/site-packages/jwt/", line 1, in <module>
    from .api_jwk import PyJWK, PyJWKSet
  File "/srv/homeassistant/lib/python3.12/site-packages/jwt/", line 7, in <module>
    from .algorithms import get_default_algorithms, has_crypto, requires_cryptography
  File "/srv/homeassistant/lib/python3.12/site-packages/jwt/", line 12, in <module>
    from .utils import (
  File "/srv/homeassistant/lib/python3.12/site-packages/jwt/", line 7, in <module>
    from import EllipticCurve
  File "/srv/homeassistant/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/", line 11, in <module>
    from cryptography.hazmat._oid import ObjectIdentifier
  File "/srv/homeassistant/lib/python3.12/site-packages/cryptography/hazmat/", line 7, in <module>
    from cryptography.hazmat.bindings._rust import (
ImportError: /srv/homeassistant/lib/python3.12/site-packages/cryptography/hazmat/bindings/ undefined symbol: EVP_idea_cbc, version OPENSSL_3.0.0

=> openssl version tells me:

OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)

→ newest version from apt repository

What can I do to resolve this issue? It seems the mentioned .so file does not contain the symbol (I checked with nm -gD), so maybe the wrong openssl is used? I just installed the official packaged version via sudo apt install openssl.
(I’m glad I mv-ed the old directory somewhere else, as I can easily restore the old running version in no time)

I opened an issue on GitHub in the cryptography repo for this. The issue went away without explanation: Raspbian bookworm: undefined symbol EVP_idea_cbc · Issue #10881 · pyca/cryptography · GitHub