mirror of
git://slackware.nl/current.git
synced 2025-01-03 23:03:22 +01:00
821601d7cb
a/openssl-solibs-3.0.8-x86_64-2.txz: Rebuilt. ap/dc3dd-7.3.0-x86_64-1.txz: Upgraded. ap/mariadb-10.11.2-x86_64-1.txz: Upgraded. d/cmake-3.25.3-x86_64-1.txz: Upgraded. l/imagemagick-7.1.1_1-x86_64-1.txz: Upgraded. l/libieee1284-0.2.11-x86_64-7.txz: Rebuilt. Rebuilt for python3. Thanks to Heinz Wiesinger. l/libplist-2.2.0-x86_64-4.txz: Rebuilt. Rebuilt for python3. Thanks to Heinz Wiesinger. l/pipewire-0.3.67-x86_64-1.txz: Upgraded. n/ModemManager-1.20.6-x86_64-1.txz: Upgraded. n/NetworkManager-1.42.4-x86_64-1.txz: Upgraded. n/openssl-3.0.8-x86_64-2.txz: Rebuilt. Fixed man pages. Thanks to marav. Add example for enabling the legacy algorithms to /etc/ssl/openssl.cnf. Thanks to ctrlaltca. n/openvpn-2.6.1-x86_64-1.txz: Upgraded. x/ibus-libpinyin-1.15.2-x86_64-1.txz: Upgraded. x/mesa-22.3.7-x86_64-1.txz: Upgraded.
55 lines
2.1 KiB
Diff
55 lines
2.1 KiB
Diff
--- ./apps/openssl.cnf.orig 2023-03-09 12:18:42.039633050 -0600
|
|
+++ ./apps/openssl.cnf 2023-03-09 12:26:32.614607021 -0600
|
|
@@ -42,35 +42,33 @@
|
|
tsa_policy2 = 1.2.3.4.5.6
|
|
tsa_policy3 = 1.2.3.4.5.7
|
|
|
|
-# For FIPS
|
|
-# Optionally include a file that is generated by the OpenSSL fipsinstall
|
|
-# application. This file contains configuration data required by the OpenSSL
|
|
-# fips provider. It contains a named section e.g. [fips_sect] which is
|
|
-# referenced from the [provider_sect] below.
|
|
-# Refer to the OpenSSL security policy for more information.
|
|
-# .include fipsmodule.cnf
|
|
-
|
|
[openssl_init]
|
|
providers = provider_sect
|
|
|
|
-# List of providers to load
|
|
-[provider_sect]
|
|
-default = default_sect
|
|
-# The fips section name should match the section name inside the
|
|
-# included fipsmodule.cnf.
|
|
-# fips = fips_sect
|
|
-
|
|
-# If no providers are activated explicitly, the default one is activated implicitly.
|
|
-# See man 7 OSSL_PROVIDER-default for more details.
|
|
-#
|
|
+# List of providers to load:
|
|
+# Uncomment the sections that start with ## below to enable the legacy provider.
|
|
+# Loading the legacy provider enables support for the following algorithms:
|
|
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
|
|
+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
|
|
+# Key Derivation Function (KDF): PBKDF1
|
|
+# In general it is not recommended to use the above mentioned algorithms for
|
|
+# security critical operations, as they are cryptographically weak or vulnerable
|
|
+# to side-channel attacks and as such have been deprecated.
|
|
# If you add a section explicitly activating any other provider(s), you most
|
|
# probably need to explicitly activate the default provider, otherwise it
|
|
# becomes unavailable in openssl. As a consequence applications depending on
|
|
# OpenSSL may not work correctly which could lead to significant system
|
|
# problems including inability to remotely access the system.
|
|
+
|
|
+[provider_sect]
|
|
+default = default_sect
|
|
+##legacy = legacy_sect
|
|
+
|
|
[default_sect]
|
|
-# activate = 1
|
|
+activate = 1
|
|
|
|
+##[legacy_sect]
|
|
+##activate = 1
|
|
|
|
####################################################################
|
|
[ ca ]
|