Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.
From https://www.openssl.org/docs/man3.0/man7/migration_guide.html
Engines and "METHOD" APIs
The refactoring to support Providers conflicts internally with the APIs used to support engines, including the ENGINE API and any function that creates or modifies custom "METHODS" (for example EVP_MD_meth_new(3), EVP_CIPHER_meth_new(3), EVP_PKEY_meth_new(3), RSA_meth_new(3), EC_KEY_METHOD_new(3), etc.). These functions are being deprecated in OpenSSL 3.0, and users of these APIs should know that their use can likely bypass provider selection and configuration, with unintended consequences. This is particularly relevant for applications written to use the OpenSSL 3.0 FIPS module, as detailed below. Authors and maintainers of external engines are strongly encouraged to refactor their code transforming engines into providers using the new Provider API and avoiding deprecated methods.related to: 3948783 all ENGINE_* warnings
@aalba6675 maybe for openssl >= 3.0 an external implementation of PKCS#11 provider is good enough or at least the way to move forward?
I would disable tls_engine by default for openssl >= 3.0
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.