Need Replacement for Deprecated function.

Matt Caswell matt at
Mon Nov 29 15:10:56 UTC 2021

On 29/11/2021 12:35, Shivakumar Poojari wrote:
> Hi All,
> We are upgrading our code to openssl 3.0.
> Need Replacement for below Deprecated function.
> SSL_use_RSAPrivateKey_ASN1();

Use SSL_use_PrivateKey_ASN1();

> PEM_read_bio_DHparams();
> PEM_read_bio_DSAparams();

Use PEM_read_bio_Parameters_ex() for these two.

> DSA_dup_DH();

There is no replacement for this. Why do you need it? Generally this is 
a bad idea.

If you really need to do it there is a workaround:

> DSA_free();

You shouldn't need to call this anymore because you shouldn't have any 
DSA objects anymore. Instead you should only be using EVP_PKEY objects. 
To free those you use EVP_PKEY_free();

> SSL_set_tmp_dh();

SSL_set0_tmp_dh_pkey(). Although you might be able to just remove it 
completely. These functions set the DH parameters to a specific set of 
values. Mostly you can instead just use the default built-in ones.

> DH_free();

As per DSA_free();

> SSL_CTX_set_tmp_dh();

SSL_CTX_set0_tmp_dh_pkey() - but same comments as for SSL_set_tmp_dh() 


> I'm not able to find proper replacement, Please help me out
> Thanks,
> Shiva Kumar
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited. If you are 
> not the intended recipient, please notify the sender immediately and 
> then delete all copies, including any attachments.

More information about the openssl-users mailing list