(start_)tls and openssl-0.9.8a

Goetz Babin-Ebell goetz at shomitefo.de
Tue Nov 22 03:07:45 EST 2005

Nikola Milutinovic wrote:
> Andreas Hasenack wrote:
>> On Mon, Nov 21, 2005 at 03:15:03PM +0100, Nikola Milutinovic wrote:
>>> Then there is a change in semantics of the OpenSSL API and somebody 
>>> will have to dig through the docs.
>> Just changed a build option for openssl.
>> What didn't work (./Configure);
>> zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared
>> What worked:
>> no-idea no-rc5 shared
>> I don't know which specific option did the trick, but it was one of those
>> that I removed.
> Hmm, first of all, why "no-idea, no-rc5"? You have better 
> implementations on your system? I usually let OpenSSL be the provider of 
> those algorithms.

Because idea and rc5 have patent issues ?

> Secondly, well, I don't know about ZLib. I usually install a separate 
> ZLib and let all others link to it dynamically. I'm not saying that ZLib 
> coming with OpenSSL is broken, but it could be. Or it simply could be 
> that it is a different version than the one you have system-wide and 
> that there are some interoperability issues. Again, it should not be 
> happening, but it is possible.

OpenSSL has no build in zlib, but uses a system provided version.

> Lastly, I'm not familiar with EC, ECDH and ECSDA encryption types, but - 
> if they worked in tests then they should have worked in a real world.

> If you have nerves for another run, try to build OpenSSL just without 
> zlib and test again. That would be my bet.
My experience is that the zlib sometimes introduces a little bit of 

Could you do an openssl s_client with the broken SSL version with 
enabled debug ans see what happens ?



DMCA: The greed of the few outweighs the freedom of the many
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3185 bytes
Desc: S/MIME Cryptographic Signature
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20051122/953bb9f3/smime.bin

More information about the Info-cyrus mailing list