-
-
Notifications
You must be signed in to change notification settings - Fork 11.1k
Closed
Description
When OPENSSL_init_ssl() is called it does some initialisation of the ciphersuites. It scans the list of ciphersuites and removes any from the list that are disabled. In the apps this happens before any engine is loaded so when it scans the list is sees that it doesn't have any GOST support and disables the ciphersuites. Later the engine gets loaded but by then it is too late - the ciphersuites are already disabled.
I seem to recall some years ago this happened and we fixed it so that if you had an engine configured in your config file it would be loaded first. However this doesn't seem to work any more. It seems to be broken in 1.1.0 too.
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels