Migration to pkcs11-provider from OpenSSL engines

[Sahana Prasad <sahana@xxxxxxxxxx>]

Hello,

OpenSSL 3.0.0 deprecated the support for using engines and introduced the concept of providers.

 If your package requires openssl-pkcs11 (libp11, engine_pkcs11), we recommend that you stop using it, and migrate to using the pkcs11-provider instead. We plan to deprecate and remove openssl-pkcs11 by Fedora 41

The pkcs11-provider [1] (available since Fedora 38) is an Openssl 3.0.0 provider designed to access Hardware or Software Tokens using the PKCS#11 Cryptographic Token Interface.

To read more about the pkcs11-provider you can have a look at [2]-

 If you have any questions kindly start a discussion here [4] we are more than happy to help.

List of packages that require openssl-pkcs11 -

libssh, rng-tools, libp11-devel, freeipa-server-dns, bind-dyndb-ldap, cryptobone, nginx, apache2

Just a note that pkcs11-provider is a new project and we are working continuously to improve it and test it extensively. If you encounter any issues, feel free to report them upstream [3].

Thank you for your understanding and we are looking forward to your collaboration.

[1] https://koji.fedoraproject.org/koji/packageinfo?packageID=37379

[2]  https://github.com/latchset/pkcs11-provider.

[3] https://github.com/latchset/pkcs11-provider/issues

[4] https://github.com/latchset/pkcs11-provider/discussions

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue