New XChaCha20-Poly1305 may be missing from OTP if built with openssl 1.0.x #46

Open
xadhoom opened this issue Apr 24, 2025 · 2 comments
@xadhoom
Contributor

xadhoom commented Apr 24, 2025

Probably this should be just a documentation update, but even with the latest OTP 26, XChaCha20-Poly1305 depends on the underlying openssl lib, which should be at least 1.1.x.

On systems with OTP26+ built with openssl 1.0.x, XChaCha20-Poly1305 is not there and plug fails, even if the otp/elixir stack is fully updated.

We have seen it on legacy CentOS7 and similar systems, which are still around.

I know that those are obsolete distros or setups, but OTP 26 can still be run on them and there's nothing that will alert that Plug.Crypto will fail, so probably just adding a note on the fact that version 2 of Plug.Crypto needs at least OTP compiled with openssl 1.1.x is more than enough.

Not related, just for the record: on some legacy distros there's an openssl11 compat package which may be used to build OTP with a newer ssl (and will make Plug.Crypto 2 work), or even a patch for openssl 1.0.x by cloudflare which adds XChaCha20-Poly1305 support (not tested).

@josevalim
Member

Can you please send a PR to the docs documenting such requirement? Thank you.

@xadhoom
Contributor Author

xadhoom commented Apr 24, 2025

Sure, #47

Added to the changelog of v2, hope it's ok.
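The issue notes that nothing alerts an operator when the OTP build lacks the cipher. The following is an added example, not part of this thread or of Plug.Crypto's own code: a boot-time preflight check in Elixir. The module name `CryptoPreflight` is hypothetical, and it assumes that the `:chacha20_poly1305` AEAD in OTP's `:crypto` is the primitive whose absence causes the failure described above.

```elixir
defmodule CryptoPreflight do
  @moduledoc "Hypothetical boot-time check; not part of Plug.Crypto."

  # Assumption: this OTP cipher atom is the one missing on OpenSSL 1.0.x builds.
  @cipher :chacha20_poly1305

  # Returns {:ok, lib} or {:error, {reason, cipher, lib}} without raising.
  def check do
    lib = linked_lib()

    cond do
      @cipher not in :crypto.supports(:ciphers) -> {:error, {:cipher_missing, @cipher, lib}}
      not round_trip?() -> {:error, {:round_trip_failed, @cipher, lib}}
      true -> {:ok, lib}
    end
  end

  # Call early in Application.start/2 so a bad build fails at boot, not on first request.
  def check! do
    case check() do
      {:ok, lib} ->
        lib

      {:error, {reason, cipher, lib}} ->
        raise "crypto preflight failed (#{reason}): #{cipher} unusable with #{lib}; " <>
                "OTP must be built against OpenSSL 1.1.x or newer"
    end
  end

  # Name and version string of the crypto library this OTP build is linked to.
  defp linked_lib do
    case :crypto.info_lib() do
      [{name, _number, version} | _] -> "#{name} (#{version})"
      _ -> "unknown crypto library"
    end
  end

  # Encrypt and decrypt a constructed message to confirm the AEAD actually works.
  defp round_trip? do
    key = :crypto.strong_rand_bytes(32)
    nonce = :crypto.strong_rand_bytes(12)
    {aad, msg} = {"preflight", "constructed test message"}

    {ct, tag} = :crypto.crypto_one_time_aead(@cipher, key, nonce, msg, aad, true)
    :crypto.crypto_one_time_aead(@cipher, key, nonce, ct, aad, tag, false) == msg
  rescue
    _ -> false
  end
end
```

Running `CryptoPreflight.check()` in `iex` on the target host shows the linked OpenSSL version alongside the result, which is enough to tell a 1.0.x build apart from a 1.1.x one.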
