1openssl_conf = openssl_init 2 3[openssl_init] 4providers = provider_sect 5ssl_conf = ssl_conf_sect 6 7[provider_sect] 8# https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers 9default = default_sect 10legacy = legacy_sect 11 12[default_sect] 13activate = 1 14 15[legacy_sect] 16activate = 1 17 18[ssl_conf_sect] 19system_default = ssl_conf_system_default_sect 20 21[ssl_conf_system_default_sect] 22# https://github.com/openssl/openssl/issues/21200 23# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#Options 24Options = UnsafeLegacyRenegotiation 25 26 27# the following `CipherString` and `MinProtocol` are meant to solve 'legacy sigalg disallowed or unsupported' problem 28# https://github.com/openssl/openssl/issues/21276 29# https://github.com/openssl/openssl/issues/19867 30 31# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS 32# https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-STRINGS 33CipherString = DEFAULT:@SECLEVEL=0 34 35# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#MinProtocol 36MinProtocol = None 37