From f985f03fe4d7ad5776d4650d3d09290cd2d39984 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 11 Apr 2022 19:00:27 +0200 Subject: [PATCH] DOC: install: document the fact that SSL engines are not enabled by default SSL engines used to be built by default for a long time but they're now disabled consecutive to the API change that makes OpenSSL 3.0 spew plenty of warnings. Support may still be enabled by passing USE_ENGINE=1. --- INSTALL | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 4dc9326fb..35b0242e6 100644 --- a/INSTALL +++ b/INSTALL @@ -274,7 +274,10 @@ the command line. It is worth mentioning that asynchronous cryptography engines are supported on OpenSSL 1.1.0 and above. Such engines are used to access hardware cryptography -acceleration that might be present on your system. +acceleration that might be present on your system. Due to API changes that +appeared with OpenSSL 3.0 and cause lots of build warnings, engines are not +enabled by default anymore in HAProxy 2.6. It is required to pass USE_ENGINE=1 +if they are desired. 4.6) Compression