(start_)tls and openssl-0.9.8a
goetz at shomitefo.de
Tue Nov 22 03:07:45 EST 2005
Nikola Milutinovic wrote:
> Andreas Hasenack wrote:
>> On Mon, Nov 21, 2005 at 03:15:03PM +0100, Nikola Milutinovic wrote:
>>> Then there is a change in semantics of the OpenSSL API and somebody
>>> will have to dig through the docs.
>> Just changed a build option for openssl.
>> What didn't work (./Configure):
>> zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared
>> What worked:
>> no-idea no-rc5 shared
>> I don't know which specific option did the trick, but it was one of those
>> that I removed.
> Hmm, first of all, why "no-idea, no-rc5"? You have better
> implementations on your system? I usually let OpenSSL be the provider of
> those algorithms.
Because idea and rc5 have patent issues?
> Secondly, well, I don't know about ZLib. I usually install a separate
> ZLib and let all others link to it dynamically. I'm not saying that ZLib
> coming with OpenSSL is broken, but it could be. Or it simply could be
> that it is a different version than the one you have system-wide and
> that there are some interoperability issues. Again, it should not be
> happening, but it is possible.
OpenSSL has no built-in zlib, but uses a system-provided version.
> Lastly, I'm not familiar with EC, ECDH and ECDSA encryption types, but -
> if they worked in tests then they should have worked in the real world.
> If you have nerves for another run, try to build OpenSSL just without
> zlib and test again. That would be my bet.
My experience is that the zlib sometimes introduces a little bit of
Could you do an openssl s_client with the broken SSL version with
debug enabled and see what happens?
DMCA: The greed of the few outweighs the freedom of the many