[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Richard Levitte levitte at openssl.org
Sun Nov 15 20:14:43 UTC 2015


In message <20151115170948.GA18315 at mournblade.imrryr.org> on Sun, 15 Nov 2015 17:09:48 +0000, Viktor Dukhovni <openssl-users at dukhovni.org> said:

openssl-users> On Sun, Nov 15, 2015 at 01:11:37PM +0100, Richard Levitte wrote:
openssl-users> 
openssl-users> > pl> It is perhaps time to split crypto library in two libraries
openssl-users> > pl> libcryptolegacy and libcryptostrong...
openssl-users> > pl> 
openssl-users> > pl> My two cents.
openssl-users> > 
openssl-users> > A thought could be to make a "legacy" engine that holds the removed
openssl-users> > crypto algos.  It could be maintained outside of mainstream OpenSSL,
openssl-users> > really by anyone...
openssl-users> 
openssl-users> If the engine is not automatically loaded, then scripting languages
openssl-users> that provide wrappers around the various algorithms, as does other
openssl-users> software that needs the legacy algorithms, but has never needed any
openssl-users> engines and makes no provisions for loading any.

/PATH/TO/openssl.cnf:

openssl_conf = openssl_init

[openssl_init]
engines = default_engines

[default_engines]
legacy = legacy

[legacy]
engine_id = legacy
init = 1
default_algorithms = cast, idea, mdc2, md2, rc5, ripemd, seed, whirlpool, ...

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
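
Added example, not part of the message above and not OpenSSL code: a small Python audit that follows the openssl_conf -> engines -> per-engine section chain used in the posted configuration and reports which engines a config file would load automatically and which algorithms they claim by default. The "legacy" engine and its algorithm names are the message's proposal; SAMPLE_CNF is constructed from it with the elided "..." dropped, and the parser handles only the plain `key = value` and `[section]` syntax seen there.

```python
# Added example: resolve the engine auto-load chain in an OpenSSL config file.
import re

# Constructed sample mirroring the message's config (the elided "..." is omitted).
SAMPLE_CNF = """\
openssl_conf = openssl_init

[openssl_init]
engines = default_engines

[default_engines]
legacy = legacy

[legacy]
engine_id = legacy
init = 1
default_algorithms = cast, idea, mdc2, md2, rc5, ripemd, seed, whirlpool
"""

def parse_cnf(text):
    """Parse into {section: {key: value}}; keys before any header go in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def autoloaded_engines(text):
    """Follow openssl_conf -> engines -> per-engine sections, as in the message."""
    cnf = parse_cnf(text)
    init = cnf.get(cnf["default"].get("openssl_conf", ""), {})
    engine_list = cnf.get(init.get("engines", ""), {})
    found = []
    for name, section in engine_list.items():
        body = cnf.get(section, {})
        algos = [a.strip() for a in body.get("default_algorithms", "").split(",") if a.strip()]
        found.append({"engine_id": body.get("engine_id", name),
                      "init": body.get("init") == "1",
                      "default_algorithms": algos})
    return found

if __name__ == "__main__":
    for engine in autoloaded_engines(SAMPLE_CNF):
        print(engine)
```

An engine section that is not reachable from the top-level openssl_conf entry is not reported, since nothing would load it automatically.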

