Can we change the security level in openssl.cnf (using CipherString = DEFAULT:@SECLEVEL=1)? Any ref in doc? #24186
Here's what I found
Hope that helps.
When we upgraded to OpenSSL3, a few of the RSA certificates having keysize=1024 are not working (we use openssl in Apache httpd). When we debugged further, we found that the default security level in OpenSSL3 is "2" and it does not allow keys of size less than 2048.
Now we cannot immediately upgrade our certificates to 2048, but we want our process to run as earlier.
We came across a forum where it is suggested to use "CipherString = DEFAULT:@SECLEVEL=1" in the "[system_default_sect]" section. This is working fine for us. But we would like to know the exact impact of this setting. Does it make the openssl libraries work with a security level of 1? Does it have any other impacts on the overall system?
I could not find anything about this configuration in the documentation, or at least the values/format that "CipherString" takes. If this is documented, can someone point me to that? Like, what are the values it supports, and what is the format and impact?