Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 2 Sep 2025 21:45:38 -0700
From:      Gleb Smirnoff <glebius@freebsd.org>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        Rick Macklem <rick.macklem@gmail.com>, freebsd-current@freebsd.org
Subject:   Re: heimdal -> MIT kdc migration
Message-ID:  <aLfH8u9GwXX8IjyN@cell.glebi.us>
In-Reply-To: <20250903043714.370F5311@slippy.cwsent.com>
References:  <CAM5tNy4C1sFkqfDnO%2BA1Chkm86qxO--Rt%2BthbnFrBkWu_P7iDg@mail.gmail.com> <CAM5tNy4OAXmc12F_=6o%2Bse16ShE8jLX4np1X2T5rgeFxJTFFXA@mail.gmail.com> <CAM5tNy4fgqxYzT_aa9Ej0A1tsnuyHqQYuYRmeHF3ReSb%2BWsJ2A@mail.gmail.com> <CAM5tNy6ASuHS8O2ZKApcSQ61%2BBpnCQBKQitdYwtqEc9aBVDR7Q@mail.gmail.com> <CAM5tNy4C-nf_uLC9XO7Q3=dbFmC97NT%2BSAgVnjq6a63teXaMQw@mail.gmail.com> <CAM5tNy6ozGNiGqFREdepDxGVa3fsxRh%2BYhTpcRxVZkcqY2FJTQ@mail.gmail.com> <CAM5tNy4Aw7n-6dgNxUzi71=L9ewpxVL0z=jh3ntuZcXJo9Z2MQ@mail.gmail.com> <CAM5tNy5VKvx9rk-3DsWmdrH8C6f4uxQ8w8oyi71Zuwf-q6b_Yw@mail.gmail.com> <CAM5tNy7aNgOyzaKvzRWFGPkpdaHsA_bhjNFjMDQVk0df0dBFjw@mail.gmail.com> <20250903043714.370F5311@slippy.cwsent.com>
index | next in thread | previous in thread | raw e-mail 

On Tue, Sep 02, 2025 at 09:37:14PM -0700, Cy Schubert wrote:
C> I think the problem is with OpenSSL 3.5. With the legacy provider loaded in 
C> OpenSSL 3.5 I get,
C> 
C> test3# openssl list -providers
C> Providers:
C>   default
C>     name: OpenSSL Default Provider
C>     version: 3.5.1
C>     status: active
C> test3# 
C> 
C> Whereas in 3.0 I get,
C> 
C> bob# openssl list -providers
C> Providers:
C>   default
C>     name: OpenSSL Default Provider
C>     version: 3.0.16
C>     status: active
C>   legacy
C>     name: OpenSSL Legacy Provider
C>     version: 3.0.16
C>     status: active
C> bob# 
C> 
C> Some symbol must be missing.

The provider is no longer enabled by default in 3.5.  You need couple more
lines in /etc/ssl/openssl.cnf.  This page has some examples:

https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

You also need CURRENT after b370fb00c89e9182f650943902a008f0c60883d6.

-- 
Gleb Smirnoff
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aLfH8u9GwXX8IjyN>