]> git.ipfire.org Git - people/ms/strongswan.git/commit
projects / people / ms / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8baa431) | patch
openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.
authorTobias Brunner <tobias@strongswan.org>
Thu, 30 Sep 2021 07:41:57 +0000 (09:41 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Dec 2021 10:34:13 +0000 (11:34 +0100)
commitf556fce16b600d7bdfd460c341af2af0df1c4c37
tree0cf6d774a1cfe2befb16454a23f7d8239b0b8c2atree | snapshot
parent8baa4315015ed01f5bc904a9bd163e8bb47a9483commit | diff
openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.

We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is
enabled, by default.  To use other providers (e.g. fips or even custom
ones), the option can be disabled and the providers to load/activate can
be configured in openssl.cnf.  For instance, the following has the same
effect as enabling the option:

    openssl_conf = openssl_init

    [openssl_init]
    providers = providers

    [providers]
    default = activate
    legacy = activate

    [activate]
    activate = yes
conf/plugins/openssl.opt diff | blob | blame | history
src/libstrongswan/plugins/openssl/openssl_plugin.c diff | blob | blame | history
Michael's strongswan development tree