diff --git a/newsfragments/3914.minor b/newsfragments/3914.minor
new file mode 100644
index 000000000..e69de29bb
diff --git a/newsfragments/3953.minor b/newsfragments/3953.minor
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/allmydata/crypto/rsa.py b/src/allmydata/crypto/rsa.py
index f16b1b95f..3554ec557 100644
--- a/src/allmydata/crypto/rsa.py
+++ b/src/allmydata/crypto/rsa.py
@@ -15,6 +15,8 @@ from __future__ import annotations
 
 from typing_extensions import TypeAlias
 
+from functools import partial
+
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
@@ -68,20 +70,39 @@ def create_signing_keypair_from_string(private_key_der: bytes) -> tuple[PrivateK
 
     :returns: 2-tuple of (private_key, public_key)
     """
-    priv_key = load_der_private_key(
+    load = partial(
+        load_der_private_key,
         private_key_der,
         password=None,
         backend=default_backend(),
     )
-    if not isinstance(priv_key, rsa.RSAPrivateKey):
+
+    try:
+        # Load it once without the potentially expensive OpenSSL validation
+        # checks.  These have superlinear complexity.  We *will* run them just
+        # below - but first we'll apply our own constant-time checks.
+        unsafe_priv_key = load(unsafe_skip_rsa_key_validation=True)
+    except TypeError:
+        # cryptography<39 does not support this parameter, so just load the
+        # key with validation...
+        unsafe_priv_key = load()
+        # But avoid *reloading* it since that will run the expensive
+        # validation *again*.
+        load = lambda: unsafe_priv_key
+
+    if not isinstance(unsafe_priv_key, rsa.RSAPrivateKey):
         raise ValueError(
             "Private Key did not decode to an RSA key"
         )
-    if priv_key.key_size != 2048:
+    if unsafe_priv_key.key_size != 2048:
         raise ValueError(
             "Private Key must be 2048 bits"
         )
-    return priv_key, priv_key.public_key()
+
+    # Now re-load it with OpenSSL's validation applied.
+    safe_priv_key = load()
+
+    return safe_priv_key, safe_priv_key.public_key()
 
 
 def der_string_from_signing_key(private_key: PrivateKey) -> bytes:
diff --git a/tox.ini b/tox.ini
index db4748033..96eed4e40 100644
--- a/tox.ini
+++ b/tox.ini
@@ -7,7 +7,7 @@
 # the tox-gh-actions package.
 [gh-actions]
 python =
-    3.7: py37-coverage,typechecks,codechecks
+    3.7: py37-coverage
     3.8: py38-coverage
     3.9: py39-coverage
     3.10: py310-coverage