testing/openssl-3
SHA256
7
0
Fork 0
forked from pool/openssl-3
Code Pull Requests Activity
Files
main
openssl-3/openssl-TESTS-Disable-default-provider-crypto-policies.patch

51 lines
1.2 KiB
Diff
Raw Permalink Normal View History

- Update to 3.5.0: * Changes: - Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. - The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list. - The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. - All BIO_meth_get_*() functions were deprecated. * New features: - Support for server side QUIC (RFC 9000) - Support for 3rd party QUIC stacks including 0-RTT support - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) - A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 - A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source - Support for central key generation in CMP - Support added for opaque symmetric key objects (EVP_SKEY) - Support for multiple TLS keyshares and improved TLS key establishment group configurability - API support for pipelining in provided cipher algorithms * Remove patches: - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch - openssl-3-add-defines-CPACF-funcs.patch - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - openssl-3-add-xof-state-handling-s3_absorb.patch - openssl-3-fix-state-handling-sha3_absorb_s390x.patch OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=139
2025-04-16 13:02:20 +00:00
Index: openssl-3.5.0/apps/openssl.cnf
===================================================================
--- openssl-3.5.0.orig/apps/openssl.cnf
+++ openssl-3.5.0/apps/openssl.cnf
@@ -45,12 +45,12 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
-ssl_conf = ssl_module
-alg_section = evp_properties
-random = random
+##ssl_conf = ssl_module
+##alg_section = evp_properties
+##random = random
-[random]
-seed=JITTER
+##[random]
+##seed=JITTER
[ evp_properties ]
# This section is intentionally added empty here to be tuned on particular systems
@@ -65,20 +65,20 @@ seed=JITTER
# to side-channel attacks and as such have been deprecated.
[provider_sect]
-default = default_sect
+##default = default_sect
##legacy = legacy_sect
-[default_sect]
-activate = 1
+##[default_sect]
+##activate = 1
##[legacy_sect]
##activate = 1
-[ ssl_module ]
-system_default = crypto_policy
+##[ ssl_module ]
+##system_default = crypto_policy
-[ crypto_policy ]
-.include = /etc/crypto-policies/back-ends/opensslcnf.config
+##[ crypto_policy ]
+##.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]
Copy Permalink