OpenSSL: no "legacy" provider
Thierry Lelégard
thierry at lelegard.fr
Fri Feb 6 05:57:51 PST 2026
Hi,
I maintain an open source project (tsduck.io) which uses OpenSSL as cryptographic
library. For some old format, DES is used. No need to comment why DES shall no
longer be used, it's for management of old data only.
With OpenSSL, DES is now part of the "legacy" provider module. The provider must
be explicitly activated in the application.
On FreeBSD 15.0 with OpenSSL 3.5.4, the legacy provider module is in
/usr/lib/ossl-modules/legacy.so.
On NetBSD 9.3 with OpenSSL 3.6.0, it is in /usr/pkg/lib/ossl-modules/legacy.so.
However, on DragonFly BSD 6.4.2 with OpenSSL 3.0.15, there is no "legacy" module.
The only SSL module is the "fips" one in /usr/local/lib/ossl-modules/fips.so.
And of course, all DES operations fail.
It is not a matter of OpenSSL version, the principle of "providers" was introduced
in 3.0 and the legacy provider was created to host old algorithms.
Is there a "legacy" OpenSSL module with DragonFly BSD or was it completely removed
from the OpenSSL package? I found no additional package which could install it.
Thanks for your help.
-Thierry Lelégard (thierry at lelegard.fr)
More information about the Users
mailing list