From: Willy Tarreau <w@1wt.eu>
Date: Mon, 11 Apr 2022 17:00:27 +0000 (+0200)
Subject: DOC: install: document the fact that SSL engines are not enabled by default
X-Git-Tag: v2.6-dev6~142
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f985f03fe4d7ad5776d4650d3d09290cd2d39984;p=thirdparty%2Fhaproxy.git

DOC: install: document the fact that SSL engines are not enabled by default

SSL engines used to be built by default for a long time but they're now
disabled consecutive to the API change that makes OpenSSL 3.0 spew plenty
of warnings. Support may still be enabled by passing USE_ENGINE=1.
---

diff --git a/INSTALL b/INSTALL
index 4dc9326fbd..35b0242e6d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -274,7 +274,10 @@ the command line.
 
 It is worth mentioning that asynchronous cryptography engines are supported on
 OpenSSL 1.1.0 and above. Such engines are used to access hardware cryptography
-acceleration that might be present on your system.
+acceleration that might be present on your system. Due to API changes that
+appeared with OpenSSL 3.0 and cause lots of build warnings, engines are not
+enabled by default anymore in HAProxy 2.6. It is required to pass USE_ENGINE=1
+if they are desired.
 
 
 4.6) Compression