Set the output length for XOF algorithms, such as B<shake128> and B<shake256>.
This option is not supported for signing operations.
-For OpenSSL providers it is recommended to set this value for shake algorithms,
-since the default values are set to only supply half of the maximum security
-strength.
-
-For backwards compatibility reasons the default xoflen length for B<shake128> is
-16 (bytes) which results in a security strength of only 64 bits. To ensure the
-maximum security strength of 128 bits, the xoflen should be set to at least 32.
-
-For backwards compatibility reasons the default xoflen length for B<shake256> is
-32 (bytes) which results in a security strength of only 128 bits. To ensure the
-maximum security strength of 256 bits, the xoflen should be set to at least 64.
+For OpenSSL providers it is required to set this value for shake algorithms,
+since the previous default values were only set to supply half of the maximum
+security strength.
+
+To ensure the maximum security strength of 128 bits, the xoflen for B<shake128>
+should be set to at least 32 (bytes). For compatibility with previous versions
+of OpenSSL, it may be set to 16, resulting in a security strength of only 64
+bits.
+
+To ensure the maximum security strength of 256 bits, the xoflen for B<shake256>
+should be set to at least 64 (bytes). For compatibility with previous versions
+of OpenSSL, it may be set to 32, resulting in a security strength of only 128
+bits.
=item B<-r>
projects / thirdparty / openssl.git / commitdiff
