Add alternative output for OpenSSL 3 without legacy loaded

OpenSSL 3 introduced the concept of providers to support modularization, and moved the outdated ciphers to the new legacy provider. In case it's not loaded in the users openssl.cnf file there will be a lot of regress test failures, so add alternative outputs covering those. Also document the need to load the legacy provider in order to use older ciphers with OpenSSL-enabled pgcrypto. This will be backpatched to all supported version once there is sufficient testing in the buildfarm of OpenSSL 3. Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se
author: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
committer: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
commit: 6d0001aabf2a49180a236d9c2a7ecdf24e0cdb37 (patch)
tree: 37f08516baa528dbe76026a3393a8302aa7617b1 /doc/src
parent: 4fa2b15e1c9cae79afe17c14591074111b0d4093 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
index c4dce94001b..bbaa2691fe3 100644
--- a/doc/src/sgml/pgcrypto.sgml
+++ b/doc/src/sgml/pgcrypto.sgml
@@ -1235,6 +1235,13 @@ gen_random_uuid() returns uuid
    </table>
 
    <para>
+    When compiled against <productname>OpenSSL</productname> 3.0.0 and later
+    versions, the legacy provider must be activated in the
+    <filename>openssl.cnf</filename> configuration file in order to use older
+    ciphers like DES or Blowfish.
+   </para>
+
+   <para>
     Notes:
    </para>
author	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
committer	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
commit	6d0001aabf2a49180a236d9c2a7ecdf24e0cdb37 (patch)
tree	37f08516baa528dbe76026a3393a8302aa7617b1 /doc/src
parent	4fa2b15e1c9cae79afe17c14591074111b0d4093 (diff)