-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[OpenSSL 3] OpenSSL::Cipher.new fails with supported cipher #500
Comments
In OpenSSL 3.0, these algorithms belong to the OpenSSL legacy provider. The legacy provider is not enabled by default in a fresh installation of OpenSSL 3.0 and has to be enabled using https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
It could also be programmatically by using "propquery" string of |
It lists known OIDs/algorithm names for which an implementation can be registered, rather than actually available algorithms. I'm not sure if there is any way to know the latter using OpenSSL API. The rdoc should probably be clarified. |
The still in-use NTLM authentication, mainly supported by the rubyntlm, probably needs a way to reach this functionality to be able to access the RC4 and DES-CBC ciphers, as well as the MD4 digest. I saw that the gss-ntlmsspi also added code to load the legacy provider for the same reason, see: https://github.com/gssapi/gss-ntlmssp/pull/72/files |
Experiencing the same issue in netsnmp, following. |
net-ssh
has some test failures because it tries to callOpenSSL::Cipher.new
with the following ciphers:bf-cbc
,bf-ecb
,cast-cbc
, andcast5-ecb
. The error is:OpenSSL::Cipher::CipherError: unsupported
.I checked if those ciphers are still supported in the OpenSSL 3 library version available in Ubuntu and they are:
With OpenSSL 1.1.1f it works just fine:
AFAIU those calls to
OpenSSL::Cipher.new
should work since the cipher is available inOpenSSL::Cipher::ciphers
. Please, correct me if I am wrong.The text was updated successfully, but these errors were encountered: