-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL 3 support #904
Comments
Hello, |
FYI: burp has stopped working on Fedora 36 for this reason, too. Other distributions will likely follow, so let's hope this isn't too difficult... |
It shouldn't be too hard, I just have to
(1) was quite annoying, but I'm currently at (2) now. |
I did (2) but I found that (3) is very annoying. |
Still on (3). Windows is playing up. |
Was not Windows - rather, openssl3 has deprecated blowfish. |
I've tried very hard to get openssl3 to load the "legacy provider" on Windows, but I'm not getting anywhere. |
RE: deprecated blowfish file encryption There is now a change in burp master that will make it encrypt new files with AES-CBC-256, but will still be able to decrypt files encrypted with blowfish as long as your openssl library supports it. |
Git master now supports openssl3, ready for the next release, which I will try to do today: Blowfish has been deprecated by openssl. |
@grke In ALT Linux we upgraded to openssl-3 and
Of course user can fix this by editing openssl.cnf and enabling legacy provider there (which would require googling). But burp error message is not explanatory in that regard ( You can do additionaly help to users by enabling
In absence of details, I would say it should just load I hope this helps. |
BTW, for backward compatibility even if openssl does not provide BF-CBC (this is possible if legacy provider is not built/installed) you could use it directly (including source in burp), there is MIT licensed implementation: https://github.com/tombonner/blowfish-api |
Hello, Like I mentioned, I've tried very hard to get openssl3 to load the "legacy provider" on Windows. However, your other idea of just adding the code directly sounds interesting! So, I will re-open this issue, and I will look at doing that. |
Hello,
Is there any plan to support for openssl 3 in burp?
Burp debian package is marked for autoremoval from Debian testing due lack of OpenSSL 3 support.
Bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011540
Thanks!
The text was updated successfully, but these errors were encountered: