[PATCH] use all available openssl algorithms
Thu Jan 7 01:08:13 PST 2010
On Wed, Jan 06, 2010 at 08:04:10PM -0800, Dan Williams wrote:
> Though maybe the EVP_add_digest() bits affect this and you'd rather
> specify the algorithms exactly?
Yes, I would certainly prefer more explicit configuration of algorithms,
i.e., only enable what is really needed. Whatever is needed for SSL
should already be there, but reading some odd PKCS#12 files may require
additional algorithms. Using OpenSSL_add_all_algorithms() will increase
the binary size unnecessarily when linking statically and it may enable
ciphers or hash algorithms that really should not be enabled in a secure
application or at least not done without fully understanding what this
changes. It is a global configuration that can change behavior not only
for reading local keys, but also for the TLS handshake.
Jouni Malinen PGP id EFC895FA