OpenSSL 3.0 needs the legacy provider. #10394

Closed
sambitdash opened this issue Feb 1, 2025 · 5 comments

@sambitdash

OpenSSL 3.0 has put the weak ciphers in the legacy provider which is not built by default.

Old PDF files used RC4 which is unavailable with the OpenSSL 3.0 default provider. PDFIO.jl needs the legacy provider to open the old PDF password-protected files.

@sambitdash
Author

This site gives some ideas for building the legacy provider.

https://help.heroku.com/88GYDTB2/how-do-i-configure-openssl-to-allow-the-use-of-legacy-cryptographic-algorithms

@eschnett
Contributor

eschnett commented Feb 1, 2025

Looking at this page I think that the issue is that the legacy provider is not "loaded", which appears to happen at run time. The instructions given on that page seem to be about configuring OpenSSL (at run time) to enable the legacy provider. I do not see instructions that would apply to building OpenSSL.

Also, there is a strong warning against enabling the legacy provider by default because this would make things less secure by default.

@sambitdash
Author

@eschnett, thanks a lot for looking into this issue. PDF documents are of archival value. Although RC4 is bad encryption for TLS/SSL connections, you have old password-protected PDF files that cannot be read unless we have RC4 data decrypted.

You are right about the page I shared. Please ignore it. I do not use the OpenSSL application but use the libcrypto.dll. But, when I try to load the legacy provider, I get an error. I wonder if the legacy provider DLL is even built as part of the OpenSSL binaries.

Can you share the binary locations for OpenSSL 3.0 for me to investigate?
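
Added example, not part of the thread and not PDFIO.jl or OpenSSL_jll code: one way to do the run-time load discussed above from Julia without enabling legacy algorithms process-wide, by loading the legacy provider into a private library context and reporting libcrypto's own error when the load fails. It assumes OpenSSL_jll provides OpenSSL 3.x and exports `libcrypto`; the function names `last_openssl_error`, `legacy_context` and `has_cipher` are made up for the example.

```julia
# Added example, not code from this thread or from PDFIO.jl.
# Assumes OpenSSL_jll provides OpenSSL 3.x and exports `libcrypto`.
using OpenSSL_jll: libcrypto

# Most recent libcrypto error as text, to see why a provider load failed.
function last_openssl_error()
    code = ccall((:ERR_get_error, libcrypto), Culong, ())
    buf = zeros(UInt8, 256)
    ccall((:ERR_error_string_n, libcrypto), Cvoid,
          (Culong, Ptr{UInt8}, Csize_t), code, buf, length(buf))
    return GC.@preserve buf unsafe_string(pointer(buf))
end

# Private library context: RC4 becomes fetchable only through `ctx`, while the
# process-wide default context stays without legacy algorithms.
function legacy_context()
    ctx = ccall((:OSSL_LIB_CTX_new, libcrypto), Ptr{Cvoid}, ())
    ctx == C_NULL && error("OSSL_LIB_CTX_new failed")
    # Loading any provider explicitly turns off the implicit default provider
    # for this context, so "default" is loaded as well.
    # "legacy" is a separate module file looked up at run time in OpenSSL's
    # modules directory (the OPENSSL_MODULES environment variable overrides it).
    for name in ("legacy", "default")
        prov = ccall((:OSSL_PROVIDER_load, libcrypto), Ptr{Cvoid},
                     (Ptr{Cvoid}, Cstring), ctx, name)
        if prov == C_NULL
            msg = last_openssl_error()
            ccall((:OSSL_LIB_CTX_free, libcrypto), Cvoid, (Ptr{Cvoid},), ctx)
            error("cannot load provider '$name': $msg")
        end
    end
    return ctx
end

# True when cipher `name` can be fetched in `ctx` (C_NULL = default context).
function has_cipher(ctx, name)
    c = ccall((:EVP_CIPHER_fetch, libcrypto), Ptr{Cvoid},
              (Ptr{Cvoid}, Cstring, Ptr{Cchar}), ctx, name, C_NULL)
    c == C_NULL && return false
    ccall((:EVP_CIPHER_free, libcrypto), Cvoid, (Ptr{Cvoid},), c)
    return true
end

ctx = legacy_context()
println("RC4 in default context: ", has_cipher(C_NULL, "RC4"))
println("RC4 in private context: ", has_cipher(ctx, "RC4"))
ccall((:OSSL_LIB_CTX_free, libcrypto), Cvoid, (Ptr{Cvoid},), ctx)
```

If `legacy_context()` fails on the "legacy" load, the error text shows whether the module file was not found, which is the question raised in the comment above about whether the legacy DLL is shipped with the binaries.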

@eschnett
Contributor

eschnett commented Feb 2, 2025

If you use the OpenSSL_jll module from Julia, then you can use tab completion in the REPL to see what functions this module exports. One of the functions points to the library file that has been loaded.

Otherwise, go to https://github.com/JuliaBinaryWrappers/OpenSSL_jll.jl and look into the Artifacts.toml file there. Examine this file manually until you find your operating system and architecture (probably os = windows, arch = x86_64), and nearby will be a URL pointing to the tarball that Julia would download. This tarball will contain the dynamic library and other accompanying files.

@sambitdash
Author

We do not need the Legacy provider as I have implemented RC4. So, closing it for now.
