| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 |
- --- a/apps/openssl.cnf
- +++ b/apps/openssl.cnf
- @@ -22,6 +22,82 @@ oid_section = new_oids
- # (Alternatively, use a configuration file that has only
- # X.509v3 extensions in its main [= default] section.)
-
- +openssl_conf=openssl_conf
- +
- +[openssl_conf]
- +engines=engines
- +
- +[engines]
- +# To enable an engine, install the package, and uncomment it here:
- +#devcrypto=devcrypto
- +#afalg=afalg
- +#padlock=padlock
- +
- +[afalg]
- +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
- +default_algorithms = ALL
- +
- +# The following commands are only available if using the alternative
- +# (sync) AFALG engine
- +# Configuration commands:
- +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
- +# list of supported algorithms, along with their driver, whether they
- +# are hw accelerated or not, and the engine's configuration commands.
- +
- +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
- +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
- +# if acceleration can't be determined) [default=2]
- +#USE_SOFTDRIVERS = 2
- +
- +# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
- +# comma-separated list of ciphers to enable [default=NO_ECB]
- +# Starting in 1.2.0, if you use a cipher list, each cipher may be
- +# followed by a colon (:) and the minimum request length to use
- +# AF_ALG drivers for that cipher; smaller requests are processed by
- +# softare; a negative value will use the default for that cipher
- +#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
- +
- +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
- +# enable [default=NONE]
- +# It is strongly recommended not to enable digests; their performance
- +# is poor, and there are many cases in which they will not work,
- +# especially when calling fork with open crypto contexts. Openssh,
- +# for example, does this, and you may not be able to login.
- +#DIGESTS = NONE
- +
- +[devcrypto]
- +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
- +default_algorithms = ALL
- +
- +# Configuration commands:
- +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
- +# list of supported algorithms, along with their driver, whether they
- +# are hw accelerated or not, and the engine's configuration commands.
- +
- +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
- +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
- +# if acceleration can't be determined) [default=2]
- +#USE_SOFTDRIVERS = 2
- +
- +# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
- +# enable [default=ALL]
- +# It is recommended to disable the ECB ciphers; in most cases, it will
- +# only be used for PRNG, in small blocks, where performance is poor,
- +# and there may be problems with apps forking with open crypto
- +# contexts, leading to failures. The CBC ciphers work well:
- +#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
- +
- +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
- +# enable [default=NONE]
- +# It is strongly recommended not to enable digests; their performance
- +# is poor, and there are many cases in which they will not work,
- +# especially when calling fork with open crypto contexts. Openssh,
- +# for example, does this, and you may not be able to login.
- +#DIGESTS = NONE
- +
- +[padlock]
- +default_algorithms = ALL
- +
- [ new_oids ]
-
- # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
