17a6ca12d3
This changes the configuration of engines from the global openssl.cnf to files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has the list of enabled engines, while each engine has its own configuration file installed under /etc/ssl/engines.cnf.d. Patches were refreshed with --zero-commit. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
32 lines
1.3 KiB
INI
32 lines
1.3 KiB
INI
[devcrypto]
|
|
# Leave this alone and configure algorithms with CIPERS/DIGESTS below
|
|
default_algorithms = ALL
|
|
|
|
# Configuration commands:
|
|
# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
|
|
# list of supported algorithms, along with their driver, whether they
|
|
# are hw accelerated or not, and the engine's configuration commands.
|
|
|
|
# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
|
|
# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
|
|
# if acceleration can't be determined) [default=2]
|
|
#USE_SOFTDRIVERS = 2
|
|
|
|
# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
|
|
# enable [default=ALL]
|
|
# It is recommended to disable the ECB ciphers; in most cases, it will
|
|
# only be used for PRNG, in small blocks, where performance is poor,
|
|
# and there may be problems with apps forking with open crypto
|
|
# contexts, leading to failures. The CBC ciphers work well:
|
|
#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
|
|
|
|
# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
|
|
# enable [default=NONE]
|
|
# It is strongly recommended not to enable digests; their performance
|
|
# is poor, and there are many cases in which they will not work,
|
|
# especially when calling fork with open crypto contexts. Openssh,
|
|
# for example, does this, and you may not be able to login.
|
|
#DIGESTS = NONE
|
|
|
|
|