openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
ssl_conf = ssl_conf_sect

[provider_sect]
# https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

[ssl_conf_sect]
system_default = ssl_conf_system_default_sect

[ssl_conf_system_default_sect]
# https://github.com/openssl/openssl/issues/21200
# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#Options
Options = UnsafeLegacyRenegotiation


# the following `CipherString` and `MinProtocol` are meant to solve 'legacy sigalg disallowed or unsupported' problem
# https://github.com/openssl/openssl/issues/21276
# https://github.com/openssl/openssl/issues/19867

# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS
# https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-STRINGS
CipherString = DEFAULT:@SECLEVEL=0

# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#MinProtocol
MinProtocol = None