Add alternative output for OpenSSL 3 without legacy loaded

OpenSSL 3 introduced the concept of providers to support modularization, and moved the outdated ciphers to the new legacy provider. In case it's not loaded in the users openssl.cnf file there will be a lot of regress test failures, so add alternative outputs covering those. Also document the need to load the legacy provider in order to use older ciphers with OpenSSL-enabled pgcrypto. This will be backpatched to all supported version once there is sufficient testing in the buildfarm of OpenSSL 3. Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/FEF81714-D479-4512-839B-C769D2605F8A@yesql.se Backpatch-through: 9.6
author: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
committer: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:27:28 +0200
commit: eb643536b9f16d58e17f21a226dd63be61e44011 (patch)
tree: 2cbaea0b61339dca0ab75d076a28608bbb7cfd81 /doc/src
parent: e802b594e7946d7fea9302f2231943c36255e084 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
index b4cd8ebc197..8435b331cfe 100644
--- a/doc/src/sgml/pgcrypto.sgml
+++ b/doc/src/sgml/pgcrypto.sgml
@@ -1226,6 +1226,13 @@ gen_random_uuid() returns uuid
    </table>
 
    <para>
+    When compiled against <productname>OpenSSL</productname> 3.0.0 and later
+    versions, the legacy provider must be activated in the
+    <filename>openssl.cnf</filename> configuration file in order to use older
+    ciphers like DES or Blowfish.
+   </para>
+
+   <para>
     Notes:
    </para>
author	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
committer	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:27:28 +0200
commit	eb643536b9f16d58e17f21a226dd63be61e44011 (patch)
tree	2cbaea0b61339dca0ab75d076a28608bbb7cfd81 /doc/src
parent	e802b594e7946d7fea9302f2231943c36255e084 (diff)