Skip to content

Commit

Permalink
doc: ref OpenSSL legacy provider from crypto docs
Browse files Browse the repository at this point in the history
This adds a link to the --openssl-legacy-provider flag to the
"Support for weak or compromised algorithms" section.

PR-URL: #40593
Refs: #40478
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
  • Loading branch information
tniessen authored and targos committed Nov 6, 2021
1 parent 8f41022 commit 71bac70
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -5378,6 +5378,10 @@ Based on the recommendations of [NIST SP 800-131A][]:

See the reference for other recommendations and details.

Some algorithms that have known weaknesses and are of little relevance in
practice are only available through the [legacy provider][], which is not
enabled by default.

### CCM mode

CCM is one of the supported [AEAD algorithms][]. Applications which use this
Expand Down Expand Up @@ -5912,6 +5916,7 @@ See the [list of SSL OP Flags][] for details.
[certificate object]: tls.md#certificate-object
[encoding]: buffer.md#buffers-and-character-encodings
[initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector
[legacy provider]: cli.md#--openssl-legacy-provider
[list of SSL OP Flags]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#Table_of_Options
[modulo bias]: https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias
[safe integers]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger
Expand Down

0 comments on commit 71bac70

Please sign in to comment.