openssl: add configuration example for afalg-sync
This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz
Christian Lamparter
parent
19af00850f
commit
d9d689589b
2 changed files with 31 additions and 2 deletions
|
|
@ -11,7 +11,7 @@ PKG_NAME:=openssl
|
||||||
PKG_BASE:=1.1.1
|
PKG_BASE:=1.1.1
|
||||||
PKG_BUGFIX:=d
|
PKG_BUGFIX:=d
|
||||||
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
||||||
PKG_RELEASE:=2
|
PKG_RELEASE:=3
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
ENGINES_DIR=engines-1.1
|
ENGINES_DIR=engines-1.1
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/apps/openssl.cnf
|
--- a/apps/openssl.cnf
|
||||||
+++ b/apps/openssl.cnf
|
+++ b/apps/openssl.cnf
|
||||||
@@ -22,6 +22,53 @@ oid_section = new_oids
|
@@ -22,6 +22,82 @@ oid_section = new_oids
|
||||||
# (Alternatively, use a configuration file that has only
|
# (Alternatively, use a configuration file that has only
|
||||||
# X.509v3 extensions in its main [= default] section.)
|
# X.509v3 extensions in its main [= default] section.)
|
||||||
|
|
||||||
|
|
@ -16,8 +16,37 @@
|
||||||
+#padlock=padlock
|
+#padlock=padlock
|
||||||
+
|
+
|
||||||
+[afalg]
|
+[afalg]
|
||||||
|
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
|
||||||
+default_algorithms = ALL
|
+default_algorithms = ALL
|
||||||
+
|
+
|
||||||
|
+# The following commands are only available if using the alternative
|
||||||
|
+# (sync) AFALG engine
|
||||||
|
+# Configuration commands:
|
||||||
|
+# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
|
||||||
|
+# list of supported algorithms, along with their driver, whether they
|
||||||
|
+# are hw accelerated or not, and the engine's configuration commands.
|
||||||
|
+
|
||||||
|
+# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
|
||||||
|
+# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
|
||||||
|
+# if acceleration can't be determined) [default=2]
|
||||||
|
+#USE_SOFTDRIVERS = 2
|
||||||
|
+
|
||||||
|
+# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
|
||||||
|
+# comma-separated list of ciphers to enable [default=NO_ECB]
|
||||||
|
+# Starting in 1.2.0, if you use a cipher list, each cipher may be
|
||||||
|
+# followed by a colon (:) and the minimum request length to use
|
||||||
|
+# AF_ALG drivers for that cipher; smaller requests are processed by
|
||||||
|
+# softare; a negative value will use the default for that cipher
|
||||||
|
+#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
|
||||||
|
+
|
||||||
|
+# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
|
||||||
|
+# enable [default=NONE]
|
||||||
|
+# It is strongly recommended not to enable digests; their performance
|
||||||
|
+# is poor, and there are many cases in which they will not work,
|
||||||
|
+# especially when calling fork with open crypto contexts. Openssh,
|
||||||
|
+# for example, does this, and you may not be able to login.
|
||||||
|
+#DIGESTS = NONE
|
||||||
|
+
|
||||||
+[devcrypto]
|
+[devcrypto]
|
||||||
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
|
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
|
||||||
+default_algorithms = ALL
|
+default_algorithms = ALL
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue