| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | [devcrypto_sect] |
| 2 | # Leave this alone and configure algorithms with CIPERS/DIGESTS below |
| 3 | default_algorithms = ALL |
| 4 | |
| 5 | # Configuration commands: |
| 6 | # Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a |
| 7 | # list of supported algorithms, along with their driver, whether they |
| 8 | # are hw accelerated or not, and the engine's configuration commands. |
| 9 | |
| 10 | # USE_SOFTDRIVERS: specifies whether to use software (not accelerated) |
| 11 | # drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use |
| 12 | # if acceleration can't be determined) [default=2] |
| 13 | #USE_SOFTDRIVERS = 2 |
| 14 | |
| 15 | # CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to |
| 16 | # enable [default=ALL] |
| 17 | # It is recommended to disable the ECB ciphers; in most cases, it will |
| 18 | # only be used for PRNG, in small blocks, where performance is poor, |
| 19 | # and there may be problems with apps forking with open crypto |
| 20 | # contexts, leading to failures. The CBC ciphers work well. |
| 21 | CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, \ |
| 22 | AES-128-CTR, AES-192-CTR, AES-256-CTR |
| 23 | |
| 24 | # DIGESTS: either ALL, NONE, or a comma-separated list of digests to |
| 25 | # enable [default=NONE] |
| 26 | # It is strongly recommended not to enable digests; their performance |
| 27 | # is poor, and there are many cases in which they will not work, |
| 28 | # especially when calling fork with open crypto contexts. Openssh, |
| 29 | # for example, does this, and you may not be able to login. |
| 30 | # Sysupgrade will fail as well. If you're adventurous enough to change |
| 31 | # this, you should change it back to NONE, and reboot before running |
| 32 | # sysupgrade! |
| 33 | DIGESTS = NONE |
| 34 | |