https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272835
Joerg Pulz <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #246375|0 |1 is obsolete| | --- Comment #3 from Joerg Pulz <[email protected]> --- Created attachment 246458 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246458&action=edit patch to fix base heimdal and weak enctypes with base openssl-3.0.x v2 After thinking some more about this I propose we should fix this. If we ship heimdal with weak enctypes enabled (what we do) it should work out of the box. This can be achieved in two ways: 1) Modify the code so heimdal is loading the required OpenSSL legacy providers by itself - see the attached patch. 2) Modify the default OpenSSL configuration (/etc/ssl/openssl.cnf) we ship as mentioned in my previous comment. New versions of heimdal make use of heimdal's own md4/rc4 implementations in lib/hcrypto. As this is not in our tree (see crypto/heimdal/FREEBSD-Xlist) it's not an option. -- You are receiving this mail because: You are the assignee for the bug.
