mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-22 23:12:32 +00:00
57 lines
1.9 KiB
Diff
57 lines
1.9 KiB
Diff
|
--- a/apps/openssl.cnf
|
||
|
+++ b/apps/openssl.cnf
|
||
|
@@ -22,6 +22,53 @@ oid_section = new_oids
|
||
|
# (Alternatively, use a configuration file that has only
|
||
|
# X.509v3 extensions in its main [= default] section.)
|
||
|
|
||
|
+openssl_conf=openssl_conf
|
||
|
+
|
||
|
+[openssl_conf]
|
||
|
+engines=engines
|
||
|
+
|
||
|
+[engines]
|
||
|
+# To enable an engine, install the package, and uncomment it here:
|
||
|
+#devcrypto=devcrypto
|
||
|
+#afalg=afalg
|
||
|
+#padlock=padlock
|
||
|
+
|
||
|
+[afalg]
|
||
|
+default_algorithms = ALL
|
||
|
+
|
||
|
+[devcrypto]
|
||
|
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
|
||
|
+default_algorithms = ALL
|
||
|
+
|
||
|
+# Configuration commands:
|
||
|
+# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
|
||
|
+# list of supported algorithms, along with their driver, whether they
|
||
|
+# are hw accelerated or not, and the engine's configuration commands.
|
||
|
+
|
||
|
+# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
|
||
|
+# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
|
||
|
+# if acceleration can't be determined) [default=2]
|
||
|
+#USE_SOFTDRIVERS = 2
|
||
|
+
|
||
|
+# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
|
||
|
+# enable [default=ALL]
|
||
|
+# It is recommended to disable the ECB ciphers; in most cases, it will
|
||
|
+# only be used for PRNG, in small blocks, where performance is poor,
|
||
|
+# and there may be problems with apps forking with open crypto
|
||
|
+# contexts, leading to failures. The CBC ciphers work well:
|
||
|
+#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
|
||
|
+
|
||
|
+# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
|
||
|
+# enable [default=NONE]
|
||
|
+# It is strongly recommended not to enable digests; their performance
|
||
|
+# is poor, and there are many cases in which they will not work,
|
||
|
+# especially when calling fork with open crypto contexts. Openssh,
|
||
|
+# for example, does this, and you may not be able to login.
|
||
|
+#DIGESTS = NONE
|
||
|
+
|
||
|
+[padlock]
|
||
|
+default_algorithms = ALL
|
||
|
+
|
||
|
[ new_oids ]
|
||
|
|
||
|
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|