openssl: add legacy provider

[openwrt/staging/dedeckeh.git] / package / libs / openssl / files / devcrypto.cnf

diff --git a/package/libs/openssl/files/devcrypto.cnf b/package/libs/openssl/files/devcrypto.cnf
index 549275600d10f9dd6cb04db8084b4258bc3dc7f7..91d0eee17fa8d36ff0b8e2a65ee6d88b51a9082f 100644 (file)
--- a/package/libs/openssl/files/devcrypto.cnf
+++ b/package/libs/openssl/files/devcrypto.cnf
@@ -1,4 +1,4 @@
-[devcrypto]
+[devcrypto_sect]
 # Leave this alone and configure algorithms with CIPERS/DIGESTS below
 default_algorithms = ALL
 
@@ -17,8 +17,9 @@ default_algorithms = ALL
 # It is recommended to disable the ECB ciphers; in most cases, it will
 # only be used for PRNG, in small blocks, where performance is poor,
 # and there may be problems with apps forking with open crypto
-# contexts, leading to failures.  The CBC ciphers work well:
-#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
+# contexts, leading to failures.  The CBC ciphers work well.
+CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, \
+       AES-128-CTR, AES-192-CTR, AES-256-CTR
 
 # DIGESTS: either ALL, NONE, or a comma-separated list of digests to
 # enable [default=NONE]
@@ -26,6 +27,8 @@ default_algorithms = ALL
 # is poor, and there are many cases in which they will not work,
 # especially when calling fork with open crypto contexts.  Openssh,
 # for example, does this, and you may not be able to login.
-#DIGESTS = NONE
-
+# Sysupgrade will fail as well.  If you're adventurous enough to change
+# this, you should change it back to NONE, and reboot before running
+# sysupgrade!
+DIGESTS = NONE