You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default algorithms for pkcs12 creation with the PKCS12_create() function were changed to more modern PBKDF2 and AES based algorithms. The default MAC iteration count was changed to PKCS12_DEFAULT_ITER to make it equal with the password-based encryption iteration count. The default digest algorithm for the MAC computation was changed to SHA-256. The pkcs12 application now supports -legacy option that restores the previous default algorithms to support interoperability with legacy systems. https://www.openssl.org/docs/man3.0/man7/migration_guide.html#PKCS-12-API-updates
OpenSSL 3 changed the default encryption algorithms to Nid::AES_256_CBC. openssl/openssl@762970b
Fixed in db2b0d7. I'm also adding support to load providers (like the legacy provider that would support the old algorithms), but need to figure out what to do about openssl/openssl#16970 first.
OpenSSL 3 changed the default encryption algorithms to
Nid::AES_256_CBC
. openssl/openssl@762970brust-openssl/openssl/src/pkcs12.rs
Lines 74 to 79 in 15f263e
A user reported a problem on macOS after a recent patch bump, and apparently the Security Framework fails to import modern PKCS#12. https://openradar.appspot.com/FB8988319
The text was updated successfully, but these errors were encountered: