On 2015-06-14 02:46, Jeff Trawick wrote:
> On Sat, Jun 13, 2015 at 7:42 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>
>> On Sun, Jun 14, 2015 at 1:18 AM, Jeff Trawick <traw...@gmail.com> wrote:
>>> On Sat, Jun 13, 2015 at 6:06 PM, Yann Ylavic <ylavic....@gmail.com>
>> wrote:
>>>>
>>>> I did not look at pr12355.t and pr43738.t yet, however those passed in
>>>> my tests, so it's probably something different.
>>>
>>>
>>> Just in case it wasn't clear, these aren't regressions. I get them with
>>> prior releases on FreeBSD 10.1 also.
>>
>> Ah ok, those are possibly the same as I reported in [1] for the 2.4.13
>> vote (in the Post Scriptum, about latest stable debian 8).
>>
>>>
>>> I don't know if it is the Perl stack or OpenSSL or ??? that results in
>> the
>>> consistent failure. (This FreeBSD has a significantly newer Perl stack
>> from
>>> system packages than CentOS 7.) IIUC, Rainer has been reporting
>>> intermittent failures on various platforms for a while.
>>
>> It seems to be related to latest OpenSSL, maybe RC5 isn't handled anymore?
>>
>
> I just tried on Fedora 22...
>
> For both the Perl interpreter/lib versions and OpenSSL versions, it seems
> to be essentially
>
> CentOS 7 < FreeBSD 10.1 < Fedora 22
>
> and the one in the middle is the only one where I see the issue.
>
> The CentOS and Fedora builds of OpenSSL are FIPS-enabled; I don't know how
> that affects the enabled ciphers.
>
>From OpenSSL CHANGES (happed already with 0.9.7i in 2005)
The patented RC5 and MDC2 algorithms will now be disabled unless
"enable-rc5" and "enable-mdc2", respectively, are specified.
And from src/crypto/openssl/Makefile
OPTIONS= ... no-md2 no-rc5 ...
OpenSSL is build in FreeBSD base with
... -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 ...
So is assume tests for RC5 and MD2 will always fail.
