[PATCH] use all available openssl algorithms
Jouni Malinen
Thu Jan 7 01:08:13 PST 2010
On Wed, Jan 06, 2010 at 08:04:10PM -0800, Dan Williams wrote:
> See:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=541924
> https://bugzilla.redhat.com/show_bug.cgi?id=538851
>
> ---
> Though maybe the EVP_add_digest() bits affect this and you'd rather
> specify the algorithms exactly?
Yes, I would certainly prefer more explicit configuration of algorithms,
i.e., only enable what is really needed. Whatever is needed for SSL
should already be there, but reading some odd PKCS#12 files may require
additional algorithms. Using OpenSSL_add_all_algorithms() will increase
the binary size unnecessarily when linking statically and it may enable
ciphers or hash algorithms that really should not be enabled in a secure
application or at least not done without fully understanding what this
changes. It is a global configuration that can change behavior not only
for reading local keys, but also for the TLS handshake.
--
Jouni Malinen PGP id EFC895FA