[openssl-users] [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
Dr. Stephen Henson
steve at openssl.org
Fri Nov 13 18:15:20 UTC 2015
On Fri, Nov 13, 2015, Benjamin Kaduk wrote:
>
> As another thread calls to mind, PKCS#12 could potentially just use
> triple-DES. (BTW, the CMS tests fail when openssl is configured with
> no-rc2, due to this; I have a WIP patch sitting around.)
>
The issue is that some cuurent software (including major web browsers) still
produce PKCS#12 files which include 40 bit RC2 for certificate "encryption"
and OpenSSL would fail to decrypt those if it removed RC2.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list