Bug 2010291
Summary: | Add RN text on Default Providers in OpenSSL | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Jan Fiala <jafiala> |
Component: | doc-Release_Notes-9-en-US | Assignee: | Lenka Špačková <lkuprova> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Hubert Kario <hkario> |
Severity: | unspecified | Docs Contact: | Jan Fiala <jafiala> |
Priority: | medium | ||
Version: | 9.0 | CC: | mjahoda, rhel-docs |
Target Milestone: | rc | Keywords: | Documentation |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
.OpenSSL now includes providers
The OpenSSL toolkit in version 3.0.1, which is included in RHEL 9, added the concept of providers. Providers are collections of algorithms, and you can choose different providers for different applications. OpenSSL currently includes the following providers: `base`, `default`, `fips`, `legacy`, and `null`.
By default, OpenSSL loads and activates the `default` provider, which includes commonly used algorithms such as RSA, DSA, DH, CAMELLIA, SHA-1, and SHA-2.
When the FIPS flag is set in the kernel, OpenSSL automatically loads the FIPS provider and uses only FIPS-approved algorithms. As a result, you do not have to manually switch OpenSSL to FIPS mode.
To change to a different provider on the system level, edit the `openssl.cnf` configuration file. For example, if your scenario requires using the `legacy` provider, uncomment the corresponding section.
WARNING: Explicitly activating a provider overrides the implicit activation of the default provider and may make the system remotely inaccessible, for example by the OpenSSH suite.
For information on the algorithms included in each provider, see the relevant man pages. For example, the `OSSL_PROVIDER-legacy(7)` man page for the `legacy` provider.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-11 06:29:17 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 5
Lenka Špačková
2021-11-11 06:29:17 UTC
|