Re: OpenSSL Legacy Provider
- In reply to: Cy Schubert : "OpenSSL Legacy Provider"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 10 Aug 2025 14:40:21 UTC
On Sat, Aug 09, 2025 at 11:19:18PM -0700, Cy Schubert wrote: > Now that we've replaced Heimdal 1.5.2 with MIT KRB5 1.22, is there any > reason to still enable the OpenSSL legacy provider? It still provides implementations of legacy cryptographic algorithms for consumers of OpenSSL itself that have not been updated to modern algorithms yet. I am not sure I see much downside from shipping the provider and disabling it from the default configuration, since applications would have to opt-in to its use and we would be providing flexibility for such legacy applications to continue running without needing to pull in openssl from ports or some other way to get support for those algorithms. -Ben