--- ./apps/openssl.cnf.orig 2023-03-09 12:18:42.039633050 -0600 +++ ./apps/openssl.cnf 2023-03-09 12:26:32.614607021 -0600 @@ -42,35 +42,33 @@ tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 -# For FIPS -# Optionally include a file that is generated by the OpenSSL fipsinstall -# application. This file contains configuration data required by the OpenSSL -# fips provider. It contains a named section e.g. [fips_sect] which is -# referenced from the [provider_sect] below. -# Refer to the OpenSSL security policy for more information. -# .include fipsmodule.cnf - [openssl_init] providers = provider_sect -# List of providers to load -[provider_sect] -default = default_sect -# The fips section name should match the section name inside the -# included fipsmodule.cnf. -# fips = fips_sect - -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# +# List of providers to load: +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 +# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED +# Key Derivation Function (KDF): PBKDF1 +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. # If you add a section explicitly activating any other provider(s), you most # probably need to explicitly activate the default provider, otherwise it # becomes unavailable in openssl. As a consequence applications depending on # OpenSSL may not work correctly which could lead to significant system # problems including inability to remotely access the system. + +[provider_sect] +default = default_sect +##legacy = legacy_sect + [default_sect] -# activate = 1 +activate = 1 +##[legacy_sect] +##activate = 1 #################################################################### [ ca ]