231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
|
This requires OpenSSL 1.1 or higher. If you’re on 1.0 or older, you
won’t have the `-pbkdf2` and `-iter` options, and you may have to choose
a different cipher algorithm; both changes are likely to weaken the
encryption significantly, so you should install a newer version rather
than work around the lack of these features.
At the time of this writing — 2021.02.26 — macOS 11 (BigSur) ships an
outdated fork of OpenSSL 1.0 called [LibreSSL][lssl] that lacks this
capability. Until Apple redresses this lack, we recommend use of the
[Homebrew][hb] OpenSSL package rather than give up on the security
afforded by use of configurable-iteration PBKDF2 in OpenSSL 1.1 and up,
later backported to LibreSSL 2.9.1 and up. To avoid a conflict with the
platform version, Homebrew’s installation is [unlinked][hbul] by
default, so you have to give an explicit path to it, one of:
|
|
|
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
|
This requires OpenSSL 1.1 or higher. If you’re on 1.0 or older, you
won’t have the `-pbkdf2` and `-iter` options, and you may have to choose
a different cipher algorithm; both changes are likely to weaken the
encryption significantly, so you should install a newer version rather
than work around the lack of these features.
At the time of this writing — 2022.03.28 — macOS 12 (Monterey) still ships an
outdated fork of OpenSSL 1.0 called [LibreSSL][lssl] that lacks this
capability. Until Apple redresses this lack, we recommend use of the
[Homebrew][hb] OpenSSL package rather than give up on the security
afforded by use of configurable-iteration PBKDF2 in OpenSSL 1.1 and up,
later backported to LibreSSL 2.9.1 and up. To avoid a conflict with the
platform version, Homebrew’s installation is [unlinked][hbul] by
default, so you have to give an explicit path to it, one of:
|