New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl_cipher_iv_length and FreeBSD #183
Comments
I've found disscusion on Stack Overflow about openssl_encrypt: Maybe this URL will be helpful? |
Same issue here with |
What is your fix @wtps0n? |
Well, I have no fix yet :-) I have no unix box with openssl 3.x availabe so I don't know how to write checking 'openssl version' inside php (which number version will be returned). So maybe it is much easier to define (pseudo code) config->session_cipher = ''. And inside lib/functions php set SESSION_CIPHER to aes-256-gcm as default or seeting from config. If it is good, I will try to make patch till the end of week. |
I made it work:
|
Great work. Yes it is working with Openssl 1.1.1. I've just checked it. Thank you very much. |
works with SLES 12SP5 (openssl-1.0.2p), too. |
Please open a PR for this. |
The phpldapadmin-1.2.6.4-getDN-htmlspecialchars.patch fixes an error you get under php-8.1 when "$server->getContainer($base->getDN())" returns a null object (that's the case if you have a short, one component, rootdn in your "$servers->setValue('server','base',array(...)" config. The phpldapadmin-1.2.6.5-openssl-1.patch fixes upstream issue leenooks/phpLDAPadmin#183. The openssl patch is now only applied if openssl:0/1.1 is installed. The phpldapadmin-1.2.6.2-r1-default-templates.patch is my fix of the upstream issue leenooks/phpLDAPadmin#49 Signed-off-by: protegh <protegh@users.noreply.github.com>
I'm a port maintainer of phpldapadmin at FreeBSD ports collection. After last update (1.2.6.5) I'm not able to login because of error:
E_WARNING: openssl_encrypt(): Setting of IV length for AEAD mode failed.
Well, on FreeBSD there is openssl 1.1.1 as default so last changes of lib/functions.php are not compatible with openssl 1.1.1t
I've found that there is new variable SESSION_CIPHER which is setup to new algoritms.
I think that this variable should be defined via configfile or maybe should be checked with 'openssl version'. It could be set as aes-256-gcm as default if user would not set it's value in config file.
I don't know yet which way is better :-)
Please remember that modyfing lib/functions.php manually I will lost changes during upgrade.
I can make a patch which, but I think it is good idea to choose in which way SESSION_CIPHER should be defined.
Or maybe you have better ideas?
The text was updated successfully, but these errors were encountered: