[openssl] OpenSSL_1_1_1-stable update

kaduk at mit.edu kaduk at mit.edu
Sat Jan 25 04:55:07 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  59f92fa27eb41a7513e584b665c87669171f60dd (commit)
      from  f50f2725c03710e183d855760c32d8df6cab1f94 (commit)


- Log -----------------------------------------------------------------
commit 59f92fa27eb41a7513e584b665c87669171f60dd
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Thu Jan 23 17:08:34 2020 -0800

    openssl-config: add example libssl system-defaults
    
    Provide a "simple" example for affecting the systemwide default behavior
    of libssl.  The large number of mandatory nested sections makes this
    less simple than the main description might suggest.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10937)
    
    (cherry picked from commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b)

-----------------------------------------------------------------------

Summary of changes:
 doc/man5/config.pod | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 992fdfccf9..732998e8f4 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -355,6 +355,22 @@ Simple OpenSSL library configuration example to enter FIPS mode:
 Note: in the above example you will get an error in non FIPS capable versions
 of OpenSSL.
 
+Simple OpenSSL library configuration to make TLS 1.3 the system-default
+minimum TLS version:
+
+ # Toplevel section for openssl (including libssl)
+ openssl_conf = default_conf_section
+
+ [default_conf_section]
+ # We only specify configuration for the "ssl module"
+ ssl_conf = ssl_section
+
+ [ssl_section]
+ system_default = system_default_section
+
+ [system_default_section]
+ MinProtocol = TLSv1.3
+
 More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
 
  # Default appname: should match "appname" parameter (if any)
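Review bot: The comment "# Toplevel section for openssl (including libssl)" above `openssl_conf = default_conf_section` does not say that this assignment has to sit in the unnamed default section, before any `[section]` header in the file. A reader pasting the example at the end of an existing openssl.cnf would put it inside whatever section comes last, where it is not read. Suggest rewording the comment to state the placement requirement. The commit message acknowledges that the nesting makes this "less simple" than the description suggests, so a one-line explanation of the chain (openssl_conf -> ssl_conf -> system_default -> the command section) in the POD text would help. It would also be worth a sentence after the example noting that, with `MinProtocol = TLSv1.3` as the system default, applications that do not set their own minimum version will fail handshakes with peers that only support TLS 1.2 or older.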

