litan n00b
Joined: 13 Aug 2012 Posts: 51
Posted: Tue Sep 02, 2014 12:25 pm Post subject: [SOLVED] OpenSSL elliptic curves
Hello,
I have currently set the bindist USE flag for my OpenSSL installation.
This flag disables elliptic curve cryptography because of patents, so I disabled
the flag and tried to re-emerge, but emerge wants to pull in a new slot instead:
Code:
# emerge openssl
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild NS ] dev-libs/openssl-0.9.8z_p2:0.9.8 [1.0.1i:0] USE="(sse2) zlib -bindist -gmp -kerberos {-test}" ABI_X86="(64) (-32) (-x32)" 0 kB
Total: 1 package (1 in new slot), Size of downloads: 0 kB

Now, even if I knew how to use this other version, the show-stopper is that elliptic curve key exchange was added in OpenSSL 1.x.
What are my options?
Last edited by litan on Wed Sep 03, 2014 8:30 am; edited 1 time in total
chithanh Developer
Joined: 05 Aug 2006 Posts: 2158 Location: Berlin, Germany
Posted: Wed Sep 03, 2014 1:28 am
bindist flags on openssl in slot 0 and openssh must match.
Code:
# emerge -pv openssl:0 openssh
litan n00b
Joined: 13 Aug 2012 Posts: 51
Posted: Wed Sep 03, 2014 8:29 am
Thanks chithanh, that works.
I removed the bindist flag from openssh in /etc/portage/package.use:
Code:
dev-libs/openssl -tls-heartbeat -bindist
net-misc/openssh -bindist

Code:
# emerge -pv openssl:0 openssh
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] dev-libs/openssl-1.0.1i USE="(sse2) zlib -bindist* -gmp -kerberos -rfc3779 -static-libs {-test} -tls-heartbeat -vanilla" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] net-misc/openssh-6.6_p1-r1 USE="hpn pam tcpd -X -X509 -bindist* -kerberos -ldap -ldns -libedit (-selinux) -skey -static" 1,273 kB
Total: 2 packages (2 reinstalls), Size of downloads: 1,273 kB

Before:
Code:
$ openssl ciphers -v 'ECDHE-RSA-AES256-GCM-SHA384'
Error in cipher list
139909532599952:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:

After:
Code:
$ openssl ciphers -v 'ECDHE-RSA-AES256-GCM-SHA384'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD

After recompiling apache, it also supports the new suites.
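
The rule from this thread, that the bindist flag must match between openssl and openssh, can be checked before running emerge. The script below is an added example, not part of the thread or of Portage: the function names are hypothetical, it reads only package.use (plain category/package atoms with an optional slot) and ignores make.conf and profile defaults, and its demo input is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): function names are hypothetical.
# Reads only package.use; make.conf and profile USE defaults are ignored.

# Print package.use content; a directory is read file by file in sorted order.
read_package_use() {
    if [ -d "$1" ]; then
        find "$1" -type f | sort | while IFS= read -r f; do cat "$f"; done
    else
        cat "$1"
    fi
}

# bindist_state PATH ATOM -> prints "on", "off" or "unset" for that package.
bindist_state() {
    read_package_use "$1" | awk -v atom="$2" '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # need an atom and at least one flag
        {
            pkg = $1
            sub(/:.*/, "", pkg)         # drop a slot suffix such as :0
            if (pkg != atom) next       # versioned atoms are not handled
            for (i = 2; i <= NF; i++) { # later entries override earlier ones
                if ($i == "bindist")  state = "on"
                if ($i == "-bindist") state = "off"
            }
        }
        END { print (state == "" ? "unset" : state) }'
}

# Succeeds only when both packages have the same state (on, off or unset).
check_bindist_match() {
    s_ssl=$(bindist_state "$1" dev-libs/openssl)
    s_ssh=$(bindist_state "$1" net-misc/openssh)
    echo "openssl bindist=$s_ssl, openssh bindist=$s_ssh"
    [ "$s_ssl" = "$s_ssh" ]
}

# Constructed sample: only openssl carries -bindist, openssh has no entry.
demo=$(mktemp)
printf '%s\n' 'dev-libs/openssl -tls-heartbeat -bindist' > "$demo"
check_bindist_match "$demo" || echo "mismatch: set the same bindist flag on both"
rm -f "$demo"
```

An "unset" result means the package inherits whatever the global USE setting is, so "off" against "unset" is reported as a mismatch to look into rather than as proof of a conflict.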