| [devcrypto_sect] |
| # Leave this alone and configure algorithms with CIPERS/DIGESTS below |
| default_algorithms = ALL |
| |
| # Configuration commands: |
| # Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a |
| # list of supported algorithms, along with their driver, whether they |
| # are hw accelerated or not, and the engine's configuration commands. |
| |
| # USE_SOFTDRIVERS: specifies whether to use software (not accelerated) |
| # drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use |
| # if acceleration can't be determined) [default=2] |
| #USE_SOFTDRIVERS = 2 |
| |
| # CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to |
| # enable [default=ALL] |
| # It is recommended to disable the ECB ciphers; in most cases, it will |
| # only be used for PRNG, in small blocks, where performance is poor, |
| # and there may be problems with apps forking with open crypto |
| # contexts, leading to failures. The CBC ciphers work well. |
| CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, \ |
| AES-128-CTR, AES-192-CTR, AES-256-CTR |
| |
| # DIGESTS: either ALL, NONE, or a comma-separated list of digests to |
| # enable [default=NONE] |
| # It is strongly recommended not to enable digests; their performance |
| # is poor, and there are many cases in which they will not work, |
| # especially when calling fork with open crypto contexts. Openssh, |
| # for example, does this, and you may not be able to login. |
| # Sysupgrade will fail as well. If you're adventurous enough to change |
| # this, you should change it back to NONE, and reboot before running |
| # sysupgrade! |
| DIGESTS = NONE |
| |