(start_)tls and openssl-0.9.8a

Nikola Milutinovic Nikola.Milutinovic at ev.co.yu
Tue Nov 22 01:34:07 EST 2005

Andreas Hasenack wrote:

>On Mon, Nov 21, 2005 at 03:15:03PM +0100, Nikola Milutinovic wrote:
>>Then there is a change in semantics of the OpenSSL API and somebody will 
>>have to dig through the docs.
>Just changed a build option for openssl.
>What didn't work (./Configure);
>zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared
>What worked:
>no-idea no-rc5 shared
>I don't know which specific option did the trick, but it was one of those
>that I removed.

Hmm, first of all, why "no-idea, no-rc5"? You have better 
implementations on your system? I usually let OpenSSL be the provider of 
those algorithms.

Secondly, well, I don't know about ZLib. I usually install a separate 
ZLib and let all others link to it dynamically. I'm not saying that ZLib 
coming with OpenSSL is broken, but it could be. Or it simply could be 
that it is a different version than the one you have system-wide and 
that there are some interoperability issues. Again, it should not be 
happening, but it is possible.

Lastly, I'm not familiar with EC, ECDH and ECSDA encryption types, but - 
if they worked in tests then they should have worked in a real world.

If you have nerves for another run, try to build OpenSSL just without 
zlib and test again. That would be my bet.


More information about the Info-cyrus mailing list