From: Dimitri John Ledkov Date: Tue, 14 Jul 2020 16:55:49 +0000 (+0100) Subject: man3: Drop warning about using security levels higher than 1. X-Git-Tag: OpenSSL_1_1_1h~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=335266fa793c105e5e38cbaf098542cc372cdc2e;p=thirdparty%2Fopenssl.git man3: Drop warning about using security levels higher than 1. Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12444) (cherry picked from commit 02e14a65fd6cc63204b43a79d510e95a63bdd901) --- diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index 0cb6c1f52a2..ba0aa0b9cae 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -114,12 +114,6 @@ I =head1 NOTES -B at this time setting the security level higher than 1 for -general internet use is likely to cause B interoperability -issues and is not recommended. This is because the B algorithm -is very widely used in certificates and will be rejected at levels -higher than 1 because it only offers 80 bits of security. - The default security level can be configured when OpenSSL is compiled by setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used.