On 2022-03-23 17:40:59 [+0000], Adam D. Barratt wrote:
> Right, let's have another go at this then:
> 
> "
> OpenSSL signature algorithm check tightening
> =============================================
> 
> The OpenSSL update provided in this point release includes a
> change to ensure that the requested signature algorithm is
> supported by the active security level.
> 
> Although this will not affect most use-cases, it could lead to
> error messages being generated if a non-supported algorithm is
> requested - for example, use of RSA+SHA1 signatures with the default
> security level of 2.
> 
> In such cases, the security level will need to be explicitly
> lowered, either for individual requests or more globally. This
> may require changes to the configuration of applications. For
> OpenSSL itself, per-request lowering can be achieved using a
> command-line option such as
> 
>     -cipher "ALL:@SECLEVEL=1"
> 
> with the relevant system-level configuration being found in
> /etc/ssl/openssl.cnf
> "
> 
> Is that any better? Further suggestions welcome, but I'm trying not to
> make it longer than the rest of the text combined. :-)

This is good, Adam, thank you. I have nothing to add.

> Regards,
> 
> Adam

Sebastian
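
Added example (not part of the original thread, and not Debian's or OpenSSL's own code): a small Python check that follows the openssl_conf -> ssl_conf -> system_default chain in an openssl.cnf-style file and reports the configured @SECLEVEL, to see whether a host sits at the level where the announcement says RSA+SHA1 requests fail. The sample file content and the function names are constructed for illustration; the fallback of 2 is taken from the announcement's stated default.

```python
import re

# Constructed sample in the layout of a system-wide openssl.cnf (not copied from a real host).
SAMPLE_CNF = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2   # constructed value
"""
PAGE_DEFAULT_LEVEL = 2  # assumption: "default security level of 2" from the announcement


def parse_cnf(text):
    """Return {section: {key: value}}; keys before any [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def system_seclevel(text):
    """Follow openssl_conf -> ssl_conf -> system_default and read @SECLEVEL=N."""
    cnf = parse_cnf(text)
    section = ""
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        section = cnf.get(section, {}).get(key)
        if section is None:
            return PAGE_DEFAULT_LEVEL  # chain not configured: default level applies
    cipher_string = cnf.get(section, {}).get("CipherString", "")
    levels = re.findall(r"@SECLEVEL=(\d)", cipher_string)
    return int(levels[-1]) if levels else PAGE_DEFAULT_LEVEL


def rsa_sha1_rejected(text):
    """True when the configured level is 2 or higher, the case the announcement warns about."""
    return system_seclevel(text) >= 2


if __name__ == "__main__":
    print(system_seclevel(SAMPLE_CNF), rsa_sha1_rejected(SAMPLE_CNF))
```

To check a real host, pass the contents of /etc/ssl/openssl.cnf to system_seclevel() instead of the constructed sample.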
