Open mouse07410 opened 5 months ago
I don't think such an expectation is reasonable.
Which is my other point - we can't get away from dynamic providers (nor do we want to), so the process becomes not merely tedious, but requiring an expert.
I completely agree. Hence my question above
Are you aware of a facility within openssl to extract all such (currently registered) algorithm combinations along the lines (but extending to all permitted configurable sigalg combinations) of openssl list -signature-algorithms?
Now raised in https://github.com/openssl/openssl/discussions/24522 to get input from the openssl community. Also tagging @levitte @mattcaswell @romen fyi.
So far, all this discussion strengthened my conviction that the only practical doable-now way is to allow every provider (starting with this one) to define a subset of all the algorithms it supports that it will offer/expose to TLS.
Unfortunately no, see my comment https://github.com/openssl/openssl/issues/24535#issuecomment-2141290463
Describe the bug
Provider built from the main branch pulled after Fri Apr 12, 2024, somehow causes OpenSSL to hang and then time-out on requests over corporate firewall (to https://index.crates.io, in case it matters).
When I comment out oqs provider in openssl.cnf the problem disappears.
I must add that before Apr 12th everything worked just fine. So, it's OpenSSL, or liboqs, or oqs-provider.
@levitte could you please take a look as well? I don't know whether it's the provider's fault, or that of the OpenSSL itself.
To Reproduce
A little complicated, but here's what I have.
Steps to reproduce the behavior:
1. cargo-update via cargo install cargo-update
2. liboqs.
3. oqs-provider (main branch).
4. openssl.cnf to add oqs provider (some add it as oqsprovider, for me naming it oqs suffices).
5. cargo install-update -l
Expected behavior
Something like
Actual behavior
Environment (please complete the following information):
main is)
Please run the following commands to obtain the version information:
openssl version
openssl list -providers