Fossil SCM
Updated the macOS sidebar in the backups.md doc to cover Ventura.
Commit
a55042a01507c08421b57b3b3710b3a06ddac9316d44ea227e6847f356317d76
Parent
7010ce23917586d…
1 file changed
+7
-8
+7
-8
| --- www/backup.md | ||
| +++ www/backup.md | ||
| @@ -233,18 +233,17 @@ | ||
| 233 | 233 | won’t have the `-pbkdf2` and `-iter` options, and you may have to choose |
| 234 | 234 | a different cipher algorithm; both changes are likely to weaken the |
| 235 | 235 | encryption significantly, so you should install a newer version rather |
| 236 | 236 | than work around the lack of these features. |
| 237 | 237 | |
| 238 | -At the time of this writing — 2022.03.28 — macOS 12 (Monterey) still ships an | |
| 239 | -outdated fork of OpenSSL 1.0 called [LibreSSL][lssl] that lacks this | |
| 240 | -capability. Until Apple redresses this lack, we recommend use of the | |
| 241 | -[Homebrew][hb] OpenSSL package rather than give up on the security | |
| 242 | -afforded by use of configurable-iteration PBKDF2 in OpenSSL 1.1 and up, | |
| 243 | -later backported to LibreSSL 2.9.1 and up. To avoid a conflict with the | |
| 244 | -platform version, Homebrew’s installation is [unlinked][hbul] by | |
| 245 | -default, so you have to give an explicit path to it, one of: | |
| 238 | +Beware that macOS ships a fork of OpenSSL called [LibreSSL][lssl] that | |
| 239 | +lacked this capability until Ventura (13.0). If you’re on Monterey (12) | |
| 240 | +or older, we recommend use of the [Homebrew][hb] OpenSSL package rather | |
| 241 | +than give up on the security afforded by use of configurable-iteration | |
| 242 | +PBKDF2. To avoid a conflict with the platform’s `openssl` binary, | |
| 243 | +Homebrew’s installation is [unlinked][hbul] by default, so you have to | |
| 244 | +give an explicit path to it, one of: | |
| 246 | 245 | |
| 247 | 246 | /usr/local/opt/openssl/bin/openssl ... # Intel x86 Macs |
| 248 | 247 | /opt/homebrew/opt/openssl/bin/openssl ... # ARM Macs (“Apple silicon”) |
| 249 | 248 | |
| 250 | 249 | [lssl]: https://www.libressl.org/ |
| 251 | 250 |
| --- www/backup.md | |
| +++ www/backup.md | |
| @@ -233,18 +233,17 @@ | |
| 233 | won’t have the `-pbkdf2` and `-iter` options, and you may have to choose |
| 234 | a different cipher algorithm; both changes are likely to weaken the |
| 235 | encryption significantly, so you should install a newer version rather |
| 236 | than work around the lack of these features. |
| 237 | |
| 238 | At the time of this writing — 2022.03.28 — macOS 12 (Monterey) still ships an |
| 239 | outdated fork of OpenSSL 1.0 called [LibreSSL][lssl] that lacks this |
| 240 | capability. Until Apple redresses this lack, we recommend use of the |
| 241 | [Homebrew][hb] OpenSSL package rather than give up on the security |
| 242 | afforded by use of configurable-iteration PBKDF2 in OpenSSL 1.1 and up, |
| 243 | later backported to LibreSSL 2.9.1 and up. To avoid a conflict with the |
| 244 | platform version, Homebrew’s installation is [unlinked][hbul] by |
| 245 | default, so you have to give an explicit path to it, one of: |
| 246 | |
| 247 | /usr/local/opt/openssl/bin/openssl ... # Intel x86 Macs |
| 248 | /opt/homebrew/opt/openssl/bin/openssl ... # ARM Macs (“Apple silicon”) |
| 249 | |
| 250 | [lssl]: https://www.libressl.org/ |
| 251 |
| --- www/backup.md | |
| +++ www/backup.md | |
| @@ -233,18 +233,17 @@ | |
| 233 | won’t have the `-pbkdf2` and `-iter` options, and you may have to choose |
| 234 | a different cipher algorithm; both changes are likely to weaken the |
| 235 | encryption significantly, so you should install a newer version rather |
| 236 | than work around the lack of these features. |
| 237 | |
| 238 | Beware that macOS ships a fork of OpenSSL called [LibreSSL][lssl] that |
| 239 | lacked this capability until Ventura (13.0). If you’re on Monterey (12) |
| 240 | or older, we recommend use of the [Homebrew][hb] OpenSSL package rather |
| 241 | than give up on the security afforded by use of configurable-iteration |
| 242 | PBKDF2. To avoid a conflict with the platform’s `openssl` binary, |
| 243 | Homebrew’s installation is [unlinked][hbul] by default, so you have to |
| 244 | give an explicit path to it, one of: |
| 245 | |
| 246 | /usr/local/opt/openssl/bin/openssl ... # Intel x86 Macs |
| 247 | /opt/homebrew/opt/openssl/bin/openssl ... # ARM Macs (“Apple silicon”) |
| 248 | |
| 249 | [lssl]: https://www.libressl.org/ |
| 250 |