From: Aydın Mercan Date: Wed, 14 Aug 2024 12:47:06 +0000 (+0000) Subject: chg: usr: use deterministic ecdsa for openssl >= 3.2 X-Git-Tag: v9.21.1~55 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=069c6c226548aef4f03dfb55e1991184bb558fa0;p=thirdparty%2Fbind9.git chg: usr: use deterministic ecdsa for openssl >= 3.2 OpenSSL has added support for deterministic ECDSA (RFC 6979) with version 3.2. Use it by default as it removes arguably its most fragile side of ECDSA. The derandomization doesn't pose a risk for DNS usecases and is allowed by FIPS 186-5. Closes https://gitlab.isc.org/isc-projects/bind9/-/issues/299 Merge branch '299-change-ecdsa-to-deterministic-usage-elliptic-curve-digital-signature-algorithm-rfc-6979' into 'main' Closes #299 See merge request isc-projects/bind9!9128 --- 069c6c226548aef4f03dfb55e1991184bb558fa0