> From https://www.openssl.org/docs/man3.0/man7/migration_guide.html
>
> > Engines and "METHOD" APIs
> > The refactoring to support Providers conflicts internally with the APIs
> > used to support engines, including the ENGINE API and any function that
> > creates or modifies custom "METHODS" (for example
> > [EVP_MD_meth_new(3)](http://man.he.net/man3/EVP_MD_meth_new),
> > [EVP_CIPHER_meth_new(3)](http://man.he.net/man3/EVP_CIPHER_meth_new),
> > [EVP_PKEY_meth_new(3)](http://man.he.net/man3/EVP_PKEY_meth_new),
> > [RSA_meth_new(3)](http://man.he.net/man3/RSA_meth_new),
> > [EC_KEY_METHOD_new(3)](http://man.he.net/man3/EC_KEY_METHOD_new), etc.).
> > These functions are being deprecated in OpenSSL 3.0, and users of these
> > APIs should know that their use can likely bypass provider selection and
> > configuration, with unintended consequences. This is particularly relevant
> > for applications written to use the OpenSSL 3.0 FIPS module, as detailed
> > below. Authors and maintainers of external engines are strongly encouraged
> > to refactor their code transforming engines into providers using the new
> > Provider API and avoiding deprecated methods.
>
> related to:
> [3948783](https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323effe8e88a4f)
> all ENGINE_* warnings

@aalba6675 maybe for openssl >= 3.0 an external implementation of [PKCS#11
provider](https://github.com/latchset/pkcs11-provider) is good enough or at
least the way to move forward?

I would disable tls_engine by default for openssl >= 3.0

--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3484#issuecomment-1597041928
_______________________________________________
Kamailio (SER) - Development Mailing List