Hi,
In ports openssl, openssl33, openssl34, openssl35, please add LEGACY in OPTIONS_DEFAULT in the Makefile.
Rationale: The option LEGACY builds the "legacy" provider, which contains the old cryptographic algorithms such as DES or 3DES. On all operating systems (Linux, macOS, FreeBSD core OS), the legacy provider is built and installed. Applications working on old protocols need to use DES or other old algorithms. In that case, the application needs to explicitly activate the legacy providers to use them and it works.
In FreeBSD Ports (and DPorts), OpenSSL is built without this option, the legacy provider is not built, not installed, and applications using DES fail.
On FreeBSD, nobody notices this because the core OS already contains a recent version of OpenSSL. This version includes the legacy provider, as in other operating systems. So, on FreeBSD, the OpenSSL Ports are useless and probably no one uses them.
On DragonFly BSD, on the other hand, the core OS contains LibreSSL. First, this version is outdated. Second, LibreSSL is now incompatible with OpenSSL in applications using the v3 API of OpenSSL. As a result, this LibreSSL from the core is useless and we need to install a recent version of OpenSSL from DPorts. The problem is that these Ports do not include the legacy provider.
Note: FreeBSD Ports contains openssl36 which is not in DPorts. Conversely, DPorts contains openssl31 and openssl32 which are no longer in FreeBSD. Maybe this should be synchronized too. If openssl36 is added, also add LEGACY in OPTIONS_DEFAULT.
Note that this issue is posted as a result of a discussion in the DragonFly mailing list.
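
One way to confirm the situation reported above on a given install, as an added example that is not part of the original issue: it reads the provider module directory from `openssl version -m`, looks for the legacy module, and asks the binary to load it. The function names are illustrative, and the module file name `legacy.so` is an assumption that holds on ELF systems.

```shell
#!/bin/sh
# Added example: check whether an OpenSSL 3.x binary has the legacy provider.
# Assumes an ELF system where the provider module is named legacy.so.

# Read `openssl version -m` output on stdin and print the provider module
# directory, taken from the line:  MODULESDIR: "/path/to/ossl-modules"
modules_dir() {
    sed -n 's/^MODULESDIR: "\(.*\)"$/\1/p'
}

# Succeed if directory $1 contains the legacy provider module.
has_legacy_module() {
    [ -n "$1" ] && [ -f "$1/legacy.so" ]
}

# Succeed if binary $1 can actually load the legacy provider at run time.
can_load_legacy() {
    "$1" list -providers -provider legacy >/dev/null 2>&1
}

# Report on binary $1 (default: the openssl found in PATH).
# Returns 0 = usable, 1 = missing or not loadable, 2 = no such binary.
check_openssl() {
    bin=${1:-openssl}
    command -v "$bin" >/dev/null 2>&1 || { echo "$bin: not found"; return 2; }
    dir=$("$bin" version -m 2>/dev/null | modules_dir)
    if ! has_legacy_module "$dir"; then
        echo "$bin: no legacy.so in '${dir}' (built without LEGACY?)"
        return 1
    fi
    if ! can_load_legacy "$bin"; then
        echo "$bin: legacy.so present in $dir but failed to load"
        return 1
    fi
    echo "$bin: legacy provider available in $dir"
}
```

Source the file and call `check_openssl` with the path of the ports-installed binary; with no argument it checks the `openssl` found in `PATH`.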