.OpenSSL now includes providers The OpenSSL toolkit in version 3.0.1, which is included in RHEL 9, added the concept of providers. Providers are collections of algorithms, and you can choose different providers for different applications. OpenSSL currently includes the following providers: `base`, `default`, `fips`, `legacy`, and `null`. By default, OpenSSL loads and activates the `default` provider, which includes commonly used algorithms such as RSA, DSA, DH, CAMELLIA, SHA-1, and SHA-2. When the FIPS flag is set in the kernel, OpenSSL automatically loads the FIPS provider and uses only FIPS-approved algorithms. As a result, you do not have to manually switch OpenSSL to FIPS mode. To change to a different provider on the system level, edit the `openssl.cnf` configuration file. For example, if your scenario requires using the `legacy` provider, uncomment the corresponding section. WARNING: Explicitly activating a provider overrides the implicit activation of the default provider and may make the system remotely inaccessible, for example by the OpenSSH suite. For information on the algorithms included in each provider, see the relevant man pages. For example, the `OSSL_PROVIDER-legacy(7)` man page for the `legacy` provider.