3 @@ -22,6 +22,99 @@ oid_section = new_oids
4 # (Alternatively, use a configuration file that has only
5 # X.509v3 extensions in its main [= default] section.)
7 +openssl_conf=openssl_conf
13 +# To enable an engine, install the package, and uncomment it here:
20 +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
21 +default_algorithms = ALL
23 +# The following commands are only available if using the alternative
24 +# (sync) AFALG engine
25 +# Configuration commands:
26 +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
27 +# list of supported algorithms, along with their driver, whether they
28 +# are hw accelerated or not, and the engine's configuration commands.
30 +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
31 +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
32 +# if acceleration can't be determined) [default=2]
35 +# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
36 +# comma-separated list of ciphers to enable [default=NO_ECB]
37 +# Starting in 1.2.0, if you use a cipher list, each cipher may be
38 +# followed by a colon (:) and the minimum request length to use
39 +# AF_ALG drivers for that cipher; smaller requests are processed by
40 +# softare; a negative value will use the default for that cipher
41 +#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
43 +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
44 +# enable [default=NONE]
45 +# It is strongly recommended not to enable digests; their performance
46 +# is poor, and there are many cases in which they will not work,
47 +# especially when calling fork with open crypto contexts. Openssh,
48 +# for example, does this, and you may not be able to login.
52 +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
53 +default_algorithms = ALL
55 +# Configuration commands:
56 +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
57 +# list of supported algorithms, along with their driver, whether they
58 +# are hw accelerated or not, and the engine's configuration commands.
60 +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
61 +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
62 +# if acceleration can't be determined) [default=2]
65 +# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
66 +# enable [default=ALL]
67 +# It is recommended to disable the ECB ciphers; in most cases, it will
68 +# only be used for PRNG, in small blocks, where performance is poor,
69 +# and there may be problems with apps forking with open crypto
70 +# contexts, leading to failures. The CBC ciphers work well:
71 +#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
73 +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
74 +# enable [default=NONE]
75 +# It is strongly recommended not to enable digests; their performance
76 +# is poor, and there are many cases in which they will not work,
77 +# especially when calling fork with open crypto contexts. Openssh,
78 +# for example, does this, and you may not be able to login.
82 +default_algorithms = ALL
85 +default_algorithms = ALL
86 +# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
87 +# user to choose between different parameter sets of symmetric cipher
88 +# algorithm. RFC 4357 specifies several parameters for the
89 +# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface
90 +# to choose one when encrypting. So use engine configuration parameter
92 +# Value of this parameter can be either short name, defined in OpenSSL
93 +# obj_dat.h header file or numeric representation of OID, defined in
94 +# RFC 4357. Defaults to id-tc26-gost-28147-param-Z
95 +#CRYPT_PARAMS = id-tc26-gost-28147-param-Z
97 +# PBE_PARAMS: Shortname of default digest alg for PBE
102 # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.