OpenSSL plays an important role in securing web applications through its implementation of the TLS and SSL protocols. In some situations, you may find it necessary to enable the OpenSSL Legacy Provider to ensure compatibility with older applications or specific cryptographic requirements. It can be useful for PHP applications that use older cryptographic algorithms. This tutorial explains how to enable the OpenSSL Legacy Provider on Ubuntu.
It's important to note that on OpenSSL 3, the Legacy Provider is disabled by default. To enable it, we need to modify the OpenSSL configuration file. Open the terminal and execute the following commands:
sudo sed -i '/default = default_sect/a legacy = legacy_sect' /etc/ssl/openssl.cnf
sudo sed -i 's/# activate = 1/activate = 1/' /etc/ssl/openssl.cnf
sudo sed -i '/activate = 1/a [legacy_sect]\nactivate = 1' /etc/ssl/openssl.cnf
These commands use the sed utility to make modifications to the OpenSSL configuration file located at /etc/ssl/openssl.cnf. Here's a brief explanation of each command:
First sed - appends a new line (legacy = legacy_sect) after the line containing default = default_sect.
Second sed - searches for the line containing # activate = 1 and replaces it with activate = 1, effectively uncommenting and activating the specified configuration.
Third sed - appends two lines ([legacy_sect] and activate = 1) after the line containing activate = 1, creating a new section labeled [legacy_sect] and activating it.
After modifications, the configuration file should contain the following lines:
[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1
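The sed commands above are not idempotent: a second run appends another legacy = legacy_sect line and further [legacy_sect] sections. The following added example (not part of the original tutorial; the function names legacy_enabled and enable_legacy_provider are hypothetical) applies the same three edits with awk, keeps a .bak copy, limits the uncomment to [default_sect], and rolls back unless the result parses as enabled. It assumes the stock layout in which [default_sect] contains the commented # activate = 1 line.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Exit 0 if [provider_sect] lists legacy and [legacy_sect] has activate = 1.
legacy_enabled() {
    awk '
        { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
        line ~ /^\[.*\]$/ { sect = substr(line, 2, length(line) - 2); next }
        sect == "provider_sect" && line == "legacy=legacy_sect" { listed = 1 }
        sect == "legacy_sect" && line == "activate=1" { active = 1 }
        END { exit !(listed && active) }
    ' "$1"
}

# Apply the three edits once. Returns 2 on a half-edited file, 1 on failure.
enable_legacy_provider() {
    conf=$1
    legacy_enabled "$conf" && return 0           # already applied: no change
    grep -q 'legacy_sect' "$conf" && return 2    # partial edit: review by hand
    cp -p "$conf" "$conf.bak" || return 1        # rollback copy
    awk '
        { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
        line ~ /^\[.*\]$/ { sect = substr(line, 2, length(line) - 2) }
        # Uncomment "# activate = 1", but only inside [default_sect].
        sect == "default_sect" && /^[ \t]*#[ \t]*activate[ \t]*=[ \t]*1[ \t]*$/ {
            $0 = "activate = 1"; line = "activate=1"
        }
        { print }
        sect == "provider_sect" && line == "default=default_sect" {
            print "legacy = legacy_sect"
        }
        sect == "default_sect" && line == "activate=1" && !added {
            print ""; print "[legacy_sect]"; print "activate = 1"; added = 1
        }
    ' "$conf.bak" > "$conf"
    # Keep the result only if it parses as enabled; otherwise roll back.
    legacy_enabled "$conf" || { cp -p "$conf.bak" "$conf"; return 1; }
}

# Constructed sample with the relevant stock sections; run on a copy first.
demo=$(mktemp -d)/openssl.cnf
printf '%s\n' '[provider_sect]' 'default = default_sect' '' \
    '[default_sect]' '# activate = 1' > "$demo"
enable_legacy_provider "$demo" && enable_legacy_provider "$demo"  # 2nd run: no-op
cat "$demo"
```

To use it on the real file, call enable_legacy_provider /etc/ssl/openssl.cnf as root; the previous contents stay in /etc/ssl/openssl.cnf.bak.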
To verify the changes, run the following command to get a list of available OpenSSL providers:
openssl list -providers
The output might look something like this:
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.2
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.2
    status: active
After modifying the file, we need to restart the application that depends on OpenSSL. For example, if you are running PHP-FPM, use the following command:
sudo service php8.2-fpm restart
If you are using Apache as your web server, restart it using the command:
sudo service apache2 restart