Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
openssl-3
openssl-load-legacy-provider.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-load-legacy-provider.patch of Package openssl-3
287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001 From: rpm-build <rpm-build> Date: Mon, 31 Jul 2023 09:41:28 +0200 Subject: [PATCH 14/35] 0024-load-legacy-prov.patch Patch-name: 0024-load-legacy-prov.patch Patch-id: 24 Patch-status: | # Instructions to load legacy provider in openssl.cnf From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd --- apps/openssl.cnf | 37 +++++++++++++++---------------------- doc/man5/config.pod | 8 ++++++++ 2 files changed, 23 insertions(+), 22 deletions(-) Index: openssl-3.2.3/apps/openssl.cnf =================================================================== --- openssl-3.2.3.orig/apps/openssl.cnf +++ openssl-3.2.3/apps/openssl.cnf @@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 -# For FIPS -# Optionally include a file that is generated by the OpenSSL fipsinstall -# application. This file contains configuration data required by the OpenSSL -# fips provider. It contains a named section e.g. [fips_sect] which is -# referenced from the [provider_sect] below. -# Refer to the OpenSSL security policy for more information. -# .include fipsmodule.cnf - [openssl_init] providers = provider_sect # Load default TLS policy configuration @@ -58,23 +50,24 @@ ssl_conf = ssl_module [ evp_properties ] # This section is intentionally added empty here to be tuned on particular systems -# List of providers to load +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 +# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED +# Key Derivation Function (KDF): PBKDF1 +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. + [provider_sect] default = default_sect -# The fips section name should match the section name inside the -# included fipsmodule.cnf. -# fips = fips_sect - -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# -# If you add a section explicitly activating any other provider(s), you most -# probably need to explicitly activate the default provider, otherwise it -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. +##legacy = legacy_sect + [default_sect] -# activate = 1 +activate = 1 + +##[legacy_sect] +##activate = 1 [ ssl_module ] system_default = crypto_policy Index: openssl-3.2.3/doc/man5/config.pod =================================================================== --- openssl-3.2.3.orig/doc/man5/config.pod +++ openssl-3.2.3/doc/man5/config.pod @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. +=head3 Loading the legacy provider + +Uncomment the sections that start with ## in openssl.cnf +to enable the legacy provider. +Note: In general it is not recommended to use the above mentioned algorithms for +security critical operations, as they are cryptographically weak or vulnerable +to side-channel attacks and as such have been deprecated. + =head3 Default provider and its activation If no providers are activated explicitly, the default one is activated implicitly.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor