headTitle($this->translate('Critical Issue: Replace blowfish encryption')) ?>
The Blowfish encryption algorithm is vulnerable to certain attacks, particularly in contexts like HTTPS. Versions of OpenSSL starting with 3.0 will no longer support blowfish by default, which can break your VuFind installation. You can read more about this issue on the VuFind JIRA ticket.
In order to resolve this problem, we will need to enable blowfish encryption so you can convert your encrypted data to a new method. More information on converting below.
blowfishIsWorking): ?>Blowfish is not enabled on your system
Your system's version of OpenSSL may not configured to provide the Blowfish algorithm. You may need to follow these steps to enable the legacy provider in OpenSSL.
Identify the location of your OpenSSL configuration
php -i | grep "Openssl default config"=$this->copyToClipboardButton('find-openssl') ?>
Edit the OpenSSL config (most likely /usr/lib/ssl/openssl.cnf) and find the Providers configuration. Under Ubuntu, you need to find a [providers_sect] section, and add the line:
legacy = legacy_sect
Find the section for the default provider and make sure to uncomment activate = 1 in that section
[provider_sect] default = default_sect legacy = legacy_sect [default_sect] activate = 1
Add a new section somewhere below:
[legacy_sect] activate = 1
Here is a complete example of the changes you will need to make to your OpenSSL configuration file.
# /usr/lib/ssl/openssl.cnf or /etc/ssl/openssl.cnf [openssl_init] providers = provider_sect [provider_sect] default = default_sect legacy = legacy_sect [default_sect] activate = 1 [legacy_sect] activate = 1
You can use VuFind's CLI tool switch_db_hash to convert all passwords from blowfish to another encryption method. Below, you can find a pre-filled example command that will convert your encryption to =$this->escapeHtml($newAlgorithm)?> (the new recommended VuFind encryption method) with a random key. You can use openssl_get_cipher_methods() to see all encryption methods available on your system.
php $VUFIND_HOME/public/index.php util switch_db_hash =$this->escapeHtml($newAlgorithm)?> "=$this->escapeHtml($exampleKey) ?>"=$this->copyToClipboardButton('#example-cmd') ?>