chg: usr: use deterministic ecdsa for openssl >= 3.2 (!9128) · Merge requests · ISC Open Source Projects / BIND

Aydın Mercan requested to merge 299-change-ecdsa-to-deterministic-usage-elliptic-curve-digital-signature-algorithm-rfc-6979 into main Jul 08, 2024

OpenSSL has added support for deterministic ECDSA (RFC 6979) with version 3.2.

Use it by default as it removes arguably its most fragile side of ECDSA. The derandomization doesn't pose a risk for DNS usecases and is allowed by FIPS 186-5.

Closes #299 (closed)

Edited Aug 01, 2024 by Aydın Mercan

chg: usr: use deterministic ecdsa for openssl >= 3.2

Merge request reports