Lines Matching full:and
19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
34 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
100 OpenSSL 3.0 is a major release and consequently any application that currently
104 previously worked with OpenSSL 1.1.1. However this is not guaranteed and some
112 In previous versions, OpenSSL was licensed under the dual OpenSSL and SSLeay
117 \fIProviders and FIPS support\fR
118 .IX Subsection "Providers and FIPS support"
121 concept. Providers collect together and make available algorithm implementations.
132 The FIPS provider is disabled by default and needs to be enabled explicitly
134 the FIPS provider gets built and installed in addition to the other standard
143 \&\fBEVP_EncryptInit_ex\fR\|(3), and \fBEVP_DigestInit\fR\|(3) functions. In case when
148 See also "Completing the installation of the FIPS Module" and
155 algorithms: the "high level" APIs (such as the \f(CW\*(C`EVP\*(C'\fR APIs) and the "low level"
159 \&\fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_EncryptFinal\fR\|(3) to perform symmetric
163 \&\fBAES_encrypt\fR\|(3), and so on. The functions for 3DES are different.
177 Some cryptographic algorithms such as \fBMD2\fR and \fBDES\fR that were available via
178 the EVP APIs are now considered legacy and their use is strongly discouraged.
189 \fIEngines and "METHOD" APIs\fR
190 .IX Subsection "Engines and ""METHOD"" APIs"
193 support engines, including the ENGINE API and any function that creates or
197 OpenSSL 3.0, and users of these APIs should know that their use can likely
198 bypass provider selection and configuration, with unintended consequences.
200 FIPS module, as detailed below. Authors and maintainers of external engines are
202 using the new Provider API and avoiding deprecated methods.
214 will be considered legacy and will continue to work.
221 as \fBRSA_METHOD\fR or \fBEC_KEY_METHOD\fR is still possible and keys inside the
236 For OpenSSL 1.1.1 and below, different patch levels were indicated by a letter
237 at the end of the release version number. This will no longer be used and
240 added. OpenSSL versions with the same major number are API and ABI compatible.
241 If the major number changes then API and ABI compatibility is not guaranteed.
251 This also covers CRMF (RFC 4211) and HTTP transfer (RFC 6712)
252 See \fBopenssl\-cmp\fR\|(1) and \fBOSSL_CMP_exec_certreq\fR\|(3) as starting points.
257 A proper HTTP(S) client that supports GET and POST, redirection, plain and
258 ASN.1\-encoded contents, proxies, and timeouts.
263 This simplifies the process of adding new KDF and PRF implementations.
268 (scrypt, TLS1 PRF and HKDF) may be slower as they use an EVP_KDF bridge
271 See also "Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-default\fR\|(7) and
281 \&\fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3).
290 Using calls to convenience functions such as \fBEVP_sha256()\fR and \fBEVP_aes_256_gcm()\fR may
295 See "Performance" in \fBcrypto\fR\|(7), "Explicit fetching" in \fBcrypto\fR\|(7) and "Implicit fetc…
307 KDF algorithms "SINGLE STEP" and "SSH"
309 See \fBEVP_KDF\-SS\fR\|(7) and \fBEVP_KDF\-SSHKDF\fR\|(7)
311 MAC Algorithms "GMAC" and "KMAC"
313 See \fBEVP_MAC\-GMAC\fR\|(7) and \fBEVP_MAC\-KMAC\fR\|(7).
325 The inverse ciphers use AES decryption for wrapping, and AES encryption for
327 "AES\-256\-WRAP\-INV", "AES\-128\-WRAP\-PAD\-INV", "AES\-192\-WRAP\-PAD\-INV" and
333 "CAMELLIA\-128\-CBC\-CTS", "CAMELLIA\-192\-CBC\-CTS" and "CAMELLIA\-256\-CBC\-CTS".
334 CS1, CS2 and CS3 variants are supported.
336 CMS and PKCS#7 updates
337 .IX Subsection "CMS and PKCS#7 updates"
341 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
346 Its purpose is to support encryption and decryption of a digital envelope that
347 is both authenticated and encrypted using AES GCM mode.
349 \&\fBPKCS7_get_octet_string\fR\|(3) and \fBPKCS7_type_is_other\fR\|(3) were made public.
355 were changed to more modern PBKDF2 and AES based algorithms. The default
363 and (where relevant) a property query. Other APIs which handle PKCS#7 and
377 context and property query and will call an extended version of the key/IV
379 \&\fBEVP_PBE_CipherInit_ex\fR\|(3), \fBEVP_PBE_find_ex\fR\|(3) and \fBEVP_PBE_scrypt_ex\fR\|(3).
402 for developers and is disabled by default. To utilize it, OpenSSL needs to be
406 registering BIOs as trace channels for a number of tracing and debugging
412 \&\fBEVP_PKEY_public_check\fR\|(3) and \fBEVP_PKEY_param_check\fR\|(3) now work for
413 more key types. This includes RSA, DSA, ED25519, X25519, ED448 and X448.
417 \fIOther notable deprecations and changes\fR
418 .IX Subsection "Other notable deprecations and changes"
425 STACK and HASH macros have been cleaned up
426 .IX Subsection "STACK and HASH macros have been cleaned up"
428 The type-safe wrappers are declared everywhere and implemented once.
429 See \fBDEFINE_STACK_OF\fR\|(3) and \fBDEFINE_LHASH_OF_EX\fR\|(3).
436 implemented by EVP_RAND and EVP_RAND_CTX.
438 Removed \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR
439 .IX Subsection "Removed FIPS_mode() and FIPS_mode_set()"
443 \&\fBEVP_default_properties_is_fips_enabled\fR\|(3) and
461 at least 112 bits, and that the iteration count is at least 1000.
482 Parameter and key generation is also reworked to make it possible
483 to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
484 SM2 keys directly and must not create an EVP_PKEY_EC key first. It is no longer
519 \&\fBEVP_PKEY_get0_RSA\fR\|(3), \fBEVP_PKEY_get0_DSA\fR\|(3), \fBEVP_PKEY_get0_EC_KEY\fR\|(3) and
539 \&\fBX509_print_ex\fR\|(3), \fBX509_CRL_print_ex\fR\|(3), and other similar functions has been
541 observed in 1.1.1 and 3.0. This also applies to the \fB\-text\fR output from the
542 \&\fBopenssl x509\fR and \fBopenssl crl\fR applications.
555 DH and DHX key types have different settable parameters
556 .IX Subsection "DH and DHX key types have different settable parameters"
586 the error codes only using the library number and the reason code.
596 .SS "Installation and Compilation"
597 .IX Subsection "Installation and Compilation"
599 instructions on how to build and install OpenSSL 3.0. Please also refer to the
609 Ignore the warnings. They are just warnings. The deprecated functions are still present and you may…
624 it's worth testing these scenarios and processing the newly relevant codes.
633 The build and installation procedure has changed significantly.
636 to build and install OpenSSL for your platform. Also read the various NOTES
641 The structure definitions have been removed from the public header files and
673 More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
681 separately and then integrated into your main OpenSSL 1.0.2 build.
683 OpenSSL and is no longer a separate download. For further information see
686 The function calls \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR have been removed
688 See \fBfips_module\fR\|(7) and \fBOSSL_PROVIDER\-FIPS\fR\|(7) for details.
691 The FIPS Module will be built and installed automatically if FIPS support has
706 use a different library context and have different providers loaded with
726 context such as \fBd2i_X509\fR\|(3), \fBd2i_X509_CRL\fR\|(3), \fBd2i_X509_REQ\fR\|(3) and
729 \&\fBX509_CRL_new_ex\fR\|(3), \fBX509_REQ_new_ex\fR\|(3) and \fBX509_PUBKEY_new_ex\fR\|(3) if a
737 \&\fBASN1_item_d2i_bio\fR\|(3), \fBASN1_item_sign\fR\|(3) and \fBASN1_item_verify\fR\|(3)
741 \&\fBb2i_RSA_PVK_bio()\fR and \fBi2b_PVK_bio()\fR
743 \&\fBBN_CTX_new\fR\|(3) and \fBBN_CTX_secure_new\fR\|(3)
747 \&\fBCMS_EnvelopedData_create\fR\|(3), \fBCMS_ReceiptRequest_create0\fR\|(3) and \fBCMS_sign\fR\|(3)
751 \&\fBCTLOG_new\fR\|(3), \fBCTLOG_new_from_base64\fR\|(3) and \fBCTLOG_STORE_new\fR\|(3)
755 \&\fBd2i_AutoPrivateKey\fR\|(3), \fBd2i_PrivateKey\fR\|(3) and \fBd2i_PUBKEY\fR\|(3)
757 \&\fBd2i_PrivateKey_bio\fR\|(3) and \fBd2i_PrivateKey_fp\fR\|(3)
759 Use \fBd2i_PrivateKey_ex_bio\fR\|(3) and \fBd2i_PrivateKey_ex_fp\fR\|(3)
765 \&\fBEVP_DigestSignInit\fR\|(3) and \fBEVP_DigestVerifyInit\fR\|(3)
767 \&\fBEVP_PBE_CipherInit\fR\|(3), \fBEVP_PBE_find\fR\|(3) and \fBEVP_PBE_scrypt\fR\|(3)
780 \&\fBEVP_SignFinal\fR\|(3) and \fBEVP_VerifyFinal\fR\|(3)
784 \&\fBOCSP_RESPID_match\fR\|(3) and \fBOCSP_RESPID_set_by_key\fR\|(3)
791 \&\fBPEM_read_PrivateKey\fR\|(3) and \fBPEM_read_PUBKEY\fR\|(3)
796 \&\fBPEM_X509_INFO_read_bio\fR\|(3) and \fBPEM_X509_INFO_read\fR\|(3)
805 \&\fBPKCS5_pbkdf2_set\fR\|(3) and \fBPKCS5_v2_scrypt_keyivgen\fR\|(3)
807 \&\fBPKCS7_encrypt\fR\|(3), \fBPKCS7_new\fR\|(3) and \fBPKCS7_sign\fR\|(3)
809 \&\fBPKCS8_decrypt\fR\|(3), \fBPKCS8_encrypt\fR\|(3) and \fBPKCS8_set0_pbe\fR\|(3)
811 \&\fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3)
823 \&\fBX509_load_cert_crl_file\fR\|(3) and \fBX509_load_cert_file\fR\|(3)
825 \&\fBX509_LOOKUP_by_subject\fR\|(3) and \fBX509_LOOKUP_ctrl\fR\|(3)
831 \&\fBX509_REQ_new\fR\|(3) and \fBX509_REQ_verify\fR\|(3)
834 \&\fBX509_STORE_load_locations\fR\|(3) and \fBX509_STORE_load_store\fR\|(3)
844 \&\fBEVP_ASYM_CIPHER_fetch\fR\|(3) and \fBEVP_ASYM_CIPHER_do_all_provided\fR\|(3)
846 \&\fBEVP_CIPHER_fetch\fR\|(3) and \fBEVP_CIPHER_do_all_provided\fR\|(3)
848 \&\fBEVP_default_properties_enable_fips\fR\|(3) and
851 \&\fBEVP_KDF_fetch\fR\|(3) and \fBEVP_KDF_do_all_provided\fR\|(3)
853 \&\fBEVP_KEM_fetch\fR\|(3) and \fBEVP_KEM_do_all_provided\fR\|(3)
855 \&\fBEVP_KEYEXCH_fetch\fR\|(3) and \fBEVP_KEYEXCH_do_all_provided\fR\|(3)
857 \&\fBEVP_KEYMGMT_fetch\fR\|(3) and \fBEVP_KEYMGMT_do_all_provided\fR\|(3)
859 \&\fBEVP_MAC_fetch\fR\|(3) and \fBEVP_MAC_do_all_provided\fR\|(3)
861 \&\fBEVP_MD_fetch\fR\|(3) and \fBEVP_MD_do_all_provided\fR\|(3)
867 \&\fBEVP_Q_mac\fR\|(3) and \fBEVP_Q_digest\fR\|(3)
869 \&\fBEVP_RAND\fR\|(3) and \fBEVP_RAND_do_all_provided\fR\|(3)
873 \&\fBEVP_SIGNATURE_fetch\fR\|(3) and \fBEVP_SIGNATURE_do_all_provided\fR\|(3)
875 \&\fBOSSL_CMP_CTX_new\fR\|(3) and \fBOSSL_CMP_SRV_CTX_new\fR\|(3)
879 \&\fBOSSL_CRMF_MSG_create_popo\fR\|(3) and \fBOSSL_CRMF_MSGS_verify_popo\fR\|(3)
881 \&\fBOSSL_CRMF_pbm_new\fR\|(3) and \fBOSSL_CRMF_pbmp_new\fR\|(3)
883 \&\fBOSSL_DECODER_CTX_add_extra\fR\|(3) and \fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3)
885 \&\fBOSSL_DECODER_fetch\fR\|(3) and \fBOSSL_DECODER_do_all_provided\fR\|(3)
889 \&\fBOSSL_ENCODER_fetch\fR\|(3) and \fBOSSL_ENCODER_do_all_provided\fR\|(3)
891 \&\fBOSSL_LIB_CTX_free\fR\|(3), \fBOSSL_LIB_CTX_load_config\fR\|(3) and \fBOSSL_LIB_CTX_set0_defaul…
895 \&\fBOSSL_PROVIDER_set_default_search_path\fR\|(3) and \fBOSSL_PROVIDER_try_load\fR\|(3)
897 \&\fBOSSL_SELF_TEST_get_callback\fR\|(3) and \fBOSSL_SELF_TEST_set_callback\fR\|(3)
901 \&\fBOSSL_STORE_LOADER_fetch\fR\|(3) and \fBOSSL_STORE_LOADER_do_all_provided\fR\|(3)
904 \&\fBRAND_set_DRBG_type\fR\|(3) and \fBRAND_set_seed_source_type\fR\|(3)
912 \fIFetching algorithms and property queries\fR
913 .IX Subsection "Fetching algorithms and property queries"
915 Implicit and Explicit Fetching is described in detail here
918 \fIMapping EVP controls and flags to provider \fR\f(BIOSSL_PARAM\fR\fI\|(3) parameters\fR
919 .IX Subsection "Mapping EVP controls and flags to provider OSSL_PARAM parameters"
921 The existing functions for controls (such as \fBEVP_CIPHER_CTX_ctrl\fR\|(3)) and
926 For ciphers see "CONTROLS" in \fBEVP_EncryptInit\fR\|(3), "FLAGS" in \fBEVP_EncryptInit\fR\|(3) and
929 For digests see "CONTROLS" in \fBEVP_DigestInit\fR\|(3), "FLAGS" in \fBEVP_DigestInit\fR\|(3) and
940 Providers are a replacement for engines and low-level method overrides
941 .IX Subsection "Providers are a replacement for engines and low-level method overrides"
947 used by algorithms. All these methods such as \fBRSA_new_method()\fR and \fBRSA_meth_new()\fR
948 are now deprecated and can be replaced by using providers instead.
950 Deprecated i2d and d2i functions for low-level key types
951 .IX Subsection "Deprecated i2d and d2i functions for low-level key types"
953 Any i2d and d2i functions such as \fBd2i_DHparams()\fR that take a low-level key type
954 have been deprecated. Applications should instead use the \fBOSSL_DECODER\fR\|(3) and
955 \&\fBOSSL_ENCODER\fR\|(3) APIs to read and write files.
958 Deprecated low-level key object getters and setters
959 .IX Subsection "Deprecated low-level key object getters and setters"
984 "Common X25519, X448, ED25519 and ED448 parameters" in \fBEVP_PKEY\-X25519\fR\|(7),
1006 \&\fBRSA_up_ref\fR\|(3) and \fBRSA_free\fR\|(3). Applications should instead use the
1007 high-level EVP_PKEY APIs, e.g. \fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_up_ref\fR\|(3) and
1009 See also \fBEVP_PKEY_CTX_new_from_name\fR\|(3) and \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3).
1013 "Deprecated low-level key reading and writing functions" and
1019 Low-level encryption functions such as \fBAES_encrypt\fR\|(3) and \fBAES_decrypt\fR\|(3)
1022 \&\fBEVP_EncryptUpdate\fR\|(3), and \fBEVP_EncryptFinal_ex\fR\|(3) or
1023 \&\fBEVP_DecryptInit_ex\fR\|(3), \fBEVP_DecryptUpdate\fR\|(3) and \fBEVP_DecryptFinal_ex\fR\|(3).
1041 \&\fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3).
1043 \&\fBEVP_SIGNATURE\-ECDSA\fR\|(7) and \fBEVP_SIGNATURE\-ED25519\fR\|(7).
1051 \&\fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3) or the single-shot MAC function
1054 \&\fBEVP_MAC\-KMAC\fR\|(7), \fBEVP_MAC\-BLAKE2\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and
1075 See \fBEVP_KEYEXCH\-DH\fR\|(7), \fBEVP_KEYEXCH\-ECDH\fR\|(7) and \fBEVP_KEYEXCH\-X25519\fR\|(7).
1081 time. Applications should instead use \fBEVP_PKEY_keygen_init\fR\|(3) and
1083 \&\fBEVP_PKEY\-RSA\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7) and \fBEVP_PKEY\-X25519\fR\|(7).
1084 The 'quick' one-shot function \fBEVP_PKEY_Q_keygen\fR\|(3) and macros for the most
1085 common cases: <\fBEVP_RSA_gen\fR\|(3)> and \fBEVP_EC_gen\fR\|(3) may also be used.
1087 Deprecated low-level key reading and writing functions
1088 .IX Subsection "Deprecated low-level key reading and writing functions"
1091 for a long time. Functions to read and write these low-level objects (such as
1093 \&\fBOSSL_ENCODER_to_bio\fR\|(3) and \fBOSSL_DECODER_from_bio\fR\|(3).
1105 \&\fBOSSL_ENCODER_to_bio\fR\|(3) and \fBOSSL_DECODER_from_bio\fR\|(3).
1112 \&\fBAES_bi_ige_encrypt()\fR and \fBAES_ige_encrypt()\fR
1116 They implemented the AES Infinite Garble Extension (IGE) mode and AES
1117 Bi-directional IGE mode. These modes were never formally standardised and
1137 There are no replacements. These old functions are not used, and could be
1162 Use \fBBN_check_prime\fR\|(3) which avoids possible misuse and always uses at least
1167 Use \fBBN_rand\fR\|(3) and \fBBN_rand_range\fR\|(3).
1172 by \fBRSA_X931_derive_ex()\fR and \fBRSA_X931_generate_key_ex()\fR which are also deprecated.
1203 tools, such as compiler memory and leak sanitizers or Valgrind.
1210 Use the higher level functions \fBEVP_CipherInit_ex2()\fR, \fBEVP_CipherUpdate()\fR and
1213 "Gettable and Settable EVP_CIPHER_CTX parameters" in \fBEVP_EncryptInit\fR\|(3).
1226 See "Deprecated i2d and d2i functions for low-level key types"
1245 "DES\-CFB1" and "DES\-CFB8" have been moved to the Legacy Provider.
1249 Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and
1260 The \fBDH_FLAG_TYPE_DH\fR and \fBDH_FLAG_TYPE_DHX\fR have been deprecated.
1295 See "Providers are a replacement for engines and low-level method overrides"
1307 Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and
1323 See "Providers are a replacement for engines and low-level method overrides".
1389 Applications should use \fBEC_GROUP_get_curve\fR\|(3) and \fBEC_GROUP_set_curve\fR\|(3).
1399 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1416 \&\fBOSSL_PKEY_PARAM_USE_COFACTOR_ECDH\fR and
1443 See "Providers are a replacement for engines and low-level method overrides"
1448 See "Providers are a replacement for engines and low-level method overrides"
1485 Applications should use \fBEC_POINT_get_affine_coordinates\fR\|(3) and
1491 \&\fBEC_POINT_set_affine_coordinates\fR\|(3) and \fBEC_POINT_get_affine_coordinates\fR\|(3)
1496 There is no replacement. These functions were not widely used, and OpenSSL
1511 See "Providers are a replacement for engines and low-level method overrides".
1522 \&\fBERR_peek_error_all\fR\|(3) and \fBERR_peek_last_error_all\fR\|(3).
1524 with ERR_peek functions and finish off with getting the error code by using
1530 \&\fBEVP_CIPHER_CTX_get_updated_iv\fR\|(3) and \fBEVP_CIPHER_CTX_get_original_iv\fR\|(3)
1537 See "Providers are a replacement for engines and low-level method overrides".
1541 \&\fBEVP_PKEY_CTRL_CMS_DECRYPT()\fR, and \fBEVP_PKEY_CTRL_CMS_SIGN()\fR
1543 These control operations are not invoked by the OpenSSL library anymore and
1549 See the "kdf-ukm" item in "DH key exchange parameters" in \fBEVP_KEYEXCH\-DH\fR\|(7) and
1551 These functions are obsolete and should not be required.
1559 Applications should use \fBEVP_PKEY_eq\fR\|(3) and \fBEVP_PKEY_parameters_eq\fR\|(3) instead.
1564 Applications should use \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3) or
1565 \&\fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) instead.
1572 \&\fBEVP_PKEY_get1_DH()\fR, \fBEVP_PKEY_get1_DSA()\fR, EVP_PKEY_get1_EC_KEY and \fBEVP_PKEY_get1_RS…
1579 See "Providers are a replacement for engines and low-level method overrides".
1588 See "Deprecated low-level key object getters and setters"
1594 generic functions \fBEVP_PKEY_set1_encoded_public_key\fR\|(3) and
1601 See "Providers are a replacement for engines and low-level method overrides".
1619 See "Deprecated low-level key reading and writing functions"
1626 See "Deprecated low-level key reading and writing functions"
1633 See "Deprecated low-level key reading and writing functions"
1645 See "Deprecated low-level key reading and writing functions"
1691 \&\fBOCSP_REQ_CTX\fR type and \fBOCSP_REQ_CTX_*()\fR functions
1695 type is \fBOSSL_HTTP_REQ_CTX\fR, and the deprecated functions are replaced
1714 These functions helped applications and engines create loaders for
1715 schemes they supported. These are all deprecated and discouraged in favour of
1721 PEM_read_bio_DSAPrivateKey and \fBPEM_read_bio_DSA_PUBKEY()\fR,
1735 See "Deprecated low-level key reading and writing functions"
1745 \&\fBEVP_RAND\fR\|(3) and \fBEVP_RAND\fR\|(7).
1755 The Algorithms "RC2", "RC4" and "RC5" have been moved to the Legacy Provider.
1765 Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and
1787 See "Providers are a replacement for engines and low-level method overrides"
1801 \&\fBRSA_get_default_method()\fR, RSA_get_ex_data and \fBRSA_get_method()\fR
1803 See "Providers are a replacement for engines and low-level method overrides".
1809 \&\fBRSA_meth_*()\fR, \fBRSA_new_method()\fR, RSA_null_method and \fBRSA_PKCS1_OpenSSL()\fR
1811 See "Providers are a replacement for engines and low-level method overrides".
1815 See "Deprecated low-level signing functions" and
1828 This is equivalent to doing sign and verify recover operations (with a padding
1837 See "Deprecated low-level key reading and writing functions"
1846 See "Providers are a replacement for engines and low-level method overrides"
1890 use the alternative functions \fBSSL_CTX_set0_tmp_dh_pkey\fR\|(3) and
1893 parameters for export and non-export ciphersuites. Export ciphersuites are no
1914 Use \fBX509_load_http\fR\|(3) and \fBX509_CRL_load_http\fR\|(3) instead.
1916 \fINID handling for provided keys and algorithms\fR
1917 .IX Subsection "NID handling for provided keys and algorithms"
1934 See \fBfips_module\fR\|(7) and \fBOSSL_PROVIDER\-FIPS\fR\|(7) for details.
1946 \&\fB\-provider_path\fR and \fB\-provider\fR are available to all apps and can be used
1955 \&\fB\-crl_lastupdate\fR and \fB\-crl_nextupdate\fR used by \fBopenssl ca\fR allows
1965 \&\fBopenssl dsaparam\fR, and \fBopenssl ecparam\fR.
1971 These are primarily changes in capitalisation and white space. However, in some
1974 \&'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup order' and
1977 The \fBopenssl\fR commands that read keys, certificates, and CRLs now
1988 \&\fBopenssl genrsa\fR and \fBopenssl rsa\fR have been modified to use PKEY APIs.
1989 \&\fBopenssl genrsa\fR and \fBopenssl rsa\fR now write PKCS #8 keys by default.
2001 \&\fBopenssl genrsa\fR, \fBopenssl rsa\fR, \fBopenssl genrsa\fR and \fBopenssl rsa\fR are
2002 now in maintenance mode and no new features will be added to them.
2014 automatically be detected and used by libssl.
2016 SSL and SSL_CTX options are now 64 bit instead of 32 bit.
2018 The signatures of the functions to get and set options on SSL and
2026 \&\fBSSL_get_options\fR\|(3) and \fBSSL_set_options\fR\|(3).
2028 \&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR Changes
2053 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2063 \&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR changes.
2073 security operation and it passed a DH object instead. This is incorrect
2074 according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
2082 instead and so the returned error becomes SSL_ERROR_ZERO_RETURN.
2084 The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
2086 This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
2087 working at the default security level of 1 and instead requires security
2096 X509 certificates signed using SHA1 are no longer allowed at security level 1 and above.