7161N/A# This was developed in house. The change is internal to Solaris, and
7161N/A# it will not be contributed upstream.
7161N/A# This patch will change the default cipher used to encrypt certificates
7161N/A# to 3DES as RC2 is considered a weak cipher. The default cipher for 1.1 will
7161N/A if (!load_config(bio_err, NULL))
7161N/A- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
7161N/A- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
7161N/A+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
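Review bot: the two removed cert_pbe assignments (TripleDES_CBC, then 40BitRC2_CBC) read like the two arms of a conditional, but the condition lines are not in the visible hunk, so it cannot be confirmed that the single added assignment is unconditional and not left under a stale if/else. Please include the enclosing lines in the hunk. Also note that this hunk only changes the default of the pkcs12 command; the documentation hunk further down says the defaults used when nid_cert is zero change as well, so the library code that resolves a zero nid_cert needs the same change in this patch, otherwise the tool and the API will disagree on the default.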
7161N/A "-twopass separate MAC, encryption passwords\n");
7161N/A- "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
7161N/A+ "-descert encrypt PKCS#12 certificates with triple DES (default)\n");
7161N/A- "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
7161N/A+ "-certpbe alg specify certificate PBE algorithm (default 3DES)\n");
7161N/A "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
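Review bot: in the usage strings, -descert now selects what is already the default, so the option is a no-op and the help text does not say so or say how to get the previous behaviour. Suggest wording such as "(default, option kept for compatibility)" for -descert, and having the -certpbe line mention that it is the way to request a different certificate PBE algorithm when a peer cannot read 3DES-encrypted certificate bags. Since the patch header says this change is Solaris-internal, scripts written against upstream behaviour will see different output with identical arguments, which is worth stating in the help or man page.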
7161N/A The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
7161N/A can all be set to zero and sensible defaults will be used.
7161N/A-These defaults are: 40 bit RC2 encryption for certificates, triple DES
7161N/A-encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
7161N/A-(currently 2048) and a MAC iteration count of 1.
7161N/A+These defaults are: triple DES encryption for certificates and private keys,
7161N/A+a key iteration count of PKCS12_DEFAULT_ITER (currently 2048) and a MAC
7161N/A The default MAC iteration count is 1 in order to retain compatibility with
7161N/A old software which did not interpret MAC iteration counts. If such compatibility
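Review bot: in the rewritten defaults paragraph, the last added line visible here ends at "and a MAC" with no continuation, while the removed text ended "a MAC iteration count of 1." Please check that the line completing the sentence is present in the patched POD, since the following context paragraph depends on it. Because the header states the change will not go upstream, the paragraph should also say that the 3DES certificate default is specific to this build, so callers passing zero for nid_cert know the result differs from stock OpenSSL documentation.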