OpenSSL: no "legacy" provider

Pierre-Alain TORET pierre-alain at toret.fr
Fri Feb 6 06:42:44 PST 2026


Hi Thierry,

Concerning DPorts, there is the LEGACY option available:

https://gitweb.dragonflybsd.org/?p=dports.git;a=blob;f=security/openssl/Makefile;h=13d4729473fec2601acac1aaa9bd81526b70946b;hb=HEAD#l71

But if you look at the line defining OPTIONS_DEFAULT, it's disabled. So 
you would need to rebuild the package with that LEGACY option enabled to 
get the legacy provider module built-in.

It's building fine on current master.

On 06/02/2026 at 15:03, John Marino (DragonFly) wrote:
> So between FreeBSD and NetBSD you are mixing up your SSL sources.  You 
> quoted the base SSL on FreeBSD and you quoted the pkgsrc version of openssl.
> 
> So I assume you are looking at the base SSL of DragonFly which is 
> actually an older LibreSSL.
> 
> What you should be looking at is the dports or Ravenports version of 
> openssl 3.0, because you would be linking with those, not the base SSL 
> library.
> 
> For ravenports, openssl3 does indeed install a legacy.so.
> https://www.ravenports.com/catalog/bucket_B9/openssl30/std/
> https://raw.githubusercontent.com/Ravenports/Ravenports/master/bucket_B9/openssl30
> 
> John
> 
> 
> On Fri, Feb 6, 2026 at 7:58 AM Thierry Lelégard <thierry at lelegard.fr> wrote:
> 
>     Hi,
> 
>     I maintain an open source project (tsduck.io)
>     which uses OpenSSL as cryptographic
>     library. For some old format, DES is used. No need to comment why
>     DES shall no
>     longer be used, it's for management of old data only.
> 
>     With OpenSSL, DES is now part of the "legacy" provider module. The
>     provider must
>     be explicitly activated in the application.
> 
>     On FreeBSD 15.0 with OpenSSL 3.5.4, the legacy provider module is in
>     /usr/lib/ossl-modules/legacy.so.
> 
>     On NetBSD 9.3 with OpenSSL 3.6.0, it is in
>     /usr/pkg/lib/ossl-modules/legacy.so.
> 
>     However, on DragonFly BSD 6.4.2 with OpenSSL 3.0.15, there is no
>     "legacy" module.
>     The only SSL module is the "fips" one in
>     /usr/local/lib/ossl-modules/fips.so.
>     And of course, all DES operations fail.
> 
>     It is not a matter of OpenSSL version, the principle of "providers"
>     was introduced
>     in 3.0 and the legacy provider was created to host old algorithms.
> 
>     Is there a "legacy" OpenSSL module with DragonFly BSD or was it
>     completely removed
>     from the OpenSSL package? I found no additional package which could
>     install it.
> 
>     Thanks for your help.
> 
>     -Thierry Lelégard  (thierry at lelegard.fr)
> 
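
A way to check an installed OpenSSL package for the legacy provider module before and after a rebuild, as an added example that is not part of the original messages. The function names are hypothetical; the fixed directories are the ones quoted in this thread, and the compiled-in directory is read from `openssl version -m`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Module directory compiled into the openssl binary found on PATH, if any.
openssl_modules_dir() {
    command -v openssl >/dev/null 2>&1 || return 0
    openssl version -m 2>/dev/null | sed -n 's/^MODULESDIR: "\(.*\)"$/\1/p'
}

# Print the first legacy.so found in the given directories; return 1 if none.
find_legacy_module() {
    for dir in "$@"; do
        [ -n "$dir" ] || continue          # skip unset/empty candidates
        if [ -f "$dir/legacy.so" ]; then
            printf '%s\n' "$dir/legacy.so"
            return 0
        fi
    done
    return 1
}

# Search OPENSSL_MODULES, the compiled-in directory, then the paths quoted
# in this thread (FreeBSD base, NetBSD pkgsrc, DragonFly dports).
find_legacy_default() {
    find_legacy_module "${OPENSSL_MODULES:-}" "$(openssl_modules_dir)" \
        /usr/lib/ossl-modules /usr/pkg/lib/ossl-modules \
        /usr/local/lib/ossl-modules
}

# True only if the openssl CLI can actually activate the legacy provider;
# a module file on disk that fails to load does not count.
legacy_provider_loads() {
    openssl list -providers -provider default -provider legacy 2>/dev/null \
        | grep -q 'name: OpenSSL Legacy Provider'
}
```

Run `find_legacy_default` to see which module file would be picked up, then `legacy_provider_loads && echo ok` to confirm the provider activates with the `openssl` binary on `PATH`.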
