Index: openssl-3.2.3/apps/openssl.cnf
===================================================================
--- openssl-3.2.3.orig/apps/openssl.cnf
+++ openssl-3.2.3/apps/openssl.cnf
@@ -19,7 +19,6 @@ openssl_conf = openssl_init
 # Comment out the next line to ignore configuration errors
 config_diagnostics = 1
 
-[ oid_section ]
 # Extra OBJECT IDENTIFIER info:
 # oid_file       = $ENV::HOME/.oid
 oid_section = new_oids
@@ -46,23 +45,12 @@ tsa_policy3 = 1.2.3.4.5.7
 [openssl_init]
 providers = provider_sect
 # Load default TLS policy configuration
-ssl_conf = ssl_module
+##ssl_conf = ssl_module
 alg_section = evp_properties
-engines = engine_section
 
 [ evp_properties ]
 # This section is intentionally added empty here to be tuned on particular systems
 
-[ engine_section ]
-
-# This include will look through the directory that will contain the
-# engine declarations for any engines provided by other packages.
-.include /etc/ssl/engines3.d
-
-# This include will look through the directory that will contain the
-# definitions of the engines declared in the engine section.
-.include /etc/ssl/engdef3.d
-
 # Uncomment the sections that start with ## below to enable the legacy provider.
 # Loading the legacy provider enables support for the following algorithms:
 # Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
@@ -73,20 +61,20 @@ engines = engine_section
 # to side-channel attacks and as such have been deprecated.
 
 [provider_sect]
-default = default_sect
+##default = default_sect
 ##legacy = legacy_sect
 
-[default_sect]
-activate = 1
+##[default_sect]
+##activate = 1
 
 ##[legacy_sect]
 ##activate = 1
 
-[ ssl_module ]
-system_default = crypto_policy
+##[ ssl_module ]
+##system_default = crypto_policy
 
-[ crypto_policy ]
-.include = /etc/crypto-policies/back-ends/opensslcnf.config
+##[ crypto_policy ]
+##.include = /etc/crypto-policies/back-ends/opensslcnf.config
 
 ####################################################################
 [ ca ]