compat-openssl10/SOURCES
CentOS Sources 4c9971992e
import compat-openssl10-1.0.2o-4.el8_6
1 year ago
Makefile.certificate import compat-openssl10-1.0.2o-4.el8_6 1 year ago
README.FIPS import compat-openssl10-1.0.2o-4.el8_6 1 year ago
README.legacy-settings import compat-openssl10-1.0.2o-4.el8_6 1 year ago
ec_curve.c import compat-openssl10-1.0.2o-4.el8_6 1 year ago
ectest.c import compat-openssl10-1.0.2o-4.el8_6 1 year ago
hobble-openssl import compat-openssl10-1.0.2o-4.el8_6 1 year ago
make-dummy-cert import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.0-beta4-ca-dir.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.0-timezone.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.1c-aliasing.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.1c-perlfind.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.1i-algo-doc.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-apps-dgst.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-compat-symbols.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-defaults.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-dtls1-abi.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-env-zlib.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-fips-ctor.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-fips-ec.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-fips-md5-allow.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-issuer-hash.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-no-rpath.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-padlock64.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-readme-warning.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-rsa-x931.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-version-add-engines.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-version.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-x509.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2a-xmpp-starttls.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2c-default-paths.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2c-ecc-suiteb.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2d-secp256k1.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2e-remove-nistp224.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2e-rpmbuild.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2e-speed-doc.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2g-disable-sslv2v3.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2h-pkgconfig.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2i-chil-fixes.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2i-enc-fail.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2i-enginesdir.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2j-deprecate-algos.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2j-downgrade-strength.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2j-nokrb5-abi.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2k-fips-randlock.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2k-long-hello.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2m-manfix.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2m-secure-getenv.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2m-trusted-first-doc.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-cc-reqs.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-conf-10.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-cve-2022-0778.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-fips.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-ipv6-apps.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-new-fips-reqs.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-system-cipherlist.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-test-use-localhost.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-1.0.2o-wrap-pad.patch import compat-openssl10-1.0.2o-4.el8_6 1 year ago
openssl-thread-test.c import compat-openssl10-1.0.2o-4.el8_6 1 year ago
opensslconf-new-warning.h import compat-openssl10-1.0.2o-4.el8_6 1 year ago
opensslconf-new.h import compat-openssl10-1.0.2o-4.el8_6 1 year ago
renew-dummy-cert import compat-openssl10-1.0.2o-4.el8_6 1 year ago

README.legacy-settings

Guide for legacy support enablement
===================================

To improve the security provided by OpenSSL, especially in the context of
TLS connections, we regularly review and deprecate algorithms and algorithm
settings which are no longer viewed as secure.

For some of these deprecated algorithms we provide a way for the
system administrator to reenable them.

Deprecated algorithms, protocols and settings in OpenSSL
========================================================

Previous Red Hat Enterprise Linux 7 update releases:

* SSL2 protocol disabled by default.
* Minimum DH group size accepted by SSL/TLS client 768 bits.
* Verification of certificates and signatures using MD5 hash
  disabled.

Red Hat Enterprise Linux 7.4:

* SSL2 protocol support completely disabled (cannot be re-enabled).
* All SSL/TLS export ciphers disabled.
* All SSL/TLS ciphersuites with keys smaller than 128 bits disabled.
* Minimum DH group size accepted by SSL/TLS client 1024 bits.
* Disabled support for verification of certificates and signatures
  using MD2, MD4, MD5, and SHA0 hashes.

Legacy support enablement
=========================

OpenSSL now supports the /etc/pki/tls/legacy-settings configuration file,
which can be created by the system administrator and contains lines with
simple Key Value pairs.

The library recognizes the following possible configuration settings in
that file:

LegacySigningMDs md2 md5
MinimumDHBits 512

The LegacySigningMDs option allows reenabling support for verification of
signatures with the specified hash algorithms. These can be any combination
of md2, md4, md5 and sha. (sha represents SHA0 algorithm, not SHA1.) Any
unrecognized algorithms are ignored.

The MinimumDHBits option sets the minimum bit size of the DH group
accepted by the SSL/TLS client. It can be any value between 512 and 10000.

If the configuration file is not present, the built-in defaults (that is, the
secure defaults) are used. Any unrecognized lines (with other parameter
names or comments) are ignored.
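
An audit check for this file, added here as an example and not part of the
package: it reports which weak hashes a legacy-settings file reenables and
whether it lowers the DH minimum below the 1024 bits listed above for Red Hat
Enterprise Linux 7.4. The function name, the finding labels and the
whitespace-based parsing are assumptions; the sample input is constructed.

```python
import sys

RECOGNIZED_MDS = {"md2", "md4", "md5", "sha"}  # per the README; "sha" is SHA0
BASELINE_DH_BITS = 1024    # RHEL 7.4 client minimum listed in the README
DH_RANGE = (512, 10000)    # documented range for MinimumDHBits


def audit_legacy_settings(text):
    """Return (line number, finding, detail) tuples for the file content."""
    # Assumption: whitespace-separated tokens and case-sensitive keys; the
    # README only says that lines hold simple Key Value pairs.
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens:
            continue
        key, values = tokens[0], tokens[1:]
        if key == "LegacySigningMDs":
            enabled = sorted(set(values) & RECOGNIZED_MDS)
            if enabled:
                findings.append((lineno, "weak-md", enabled))
        elif key == "MinimumDHBits":
            try:
                bits = int(values[0])
            except (IndexError, ValueError):
                findings.append((lineno, "dh-invalid", values))
                continue
            if not DH_RANGE[0] <= bits <= DH_RANGE[1]:
                findings.append((lineno, "dh-out-of-range", bits))
            elif bits < BASELINE_DH_BITS:
                findings.append((lineno, "dh-lowered", bits))
        # Other lines are skipped, matching the README's "ignored" rule.
    return findings


# Constructed sample: the README's two example settings plus ignored lines.
SAMPLE = """\
# reenabled for an old appliance
LegacySigningMDs md2 md5 sha3
MinimumDHBits 512
SomethingElse 1
"""

if __name__ == "__main__":
    # Pass the path of a legacy-settings file, or run on SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_legacy_settings(text):
        print(finding)
```

An empty result means the file, if present, changes nothing relative to that
baseline.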