Well the answer is in the previous messages. But in short :
Edit /etc/ssl/openssl.cnf
Find the following section :
Edit /etc/ssl/openssl.cnf
Find the following section :
# List of providers to load
[provider_sect]
default = default_sect
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl. As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
# activate = 1
And change it that way :
# List of providers to load [provider_sect] default = default_sect legacy = legacy_sect # The fips section name should match the section name inside the # included fipsmodule.cnf. # fips = fips_sect # If no providers are activated explicitly, the default one is activated implicitly. # See man 7 OSSL_PROVIDER-default for more details. # # If you add a section explicitly activating any other provider(s), you most # probably need to explicitly activate the default provider, otherwise it # becomes unavailable in openssl. As a consequence applications depending on # OpenSSL may not work correctly which could lead to significant system # problems including inability to remotely access the system. [default_sect] activate = 1 [legacy_sect] activate = 1
Then restart apache2 or php-fpm, and try again.
You can also test the script I posted in my previous message to test if your php installation can seal a message with RC4
Olivier
