Ben Lentz wrote: >> I was planning on deploying dkim-milter but I noticed that after >> compiling and installing I got the error below on the reply from >> [EMAIL PROTECTED] After searches on the subject I gather that older >> versions of OpenSSL do not support rsa-sha256. Is this correct? >> >> >> --- CUT --- > Greetings! You need openssl 0.9.8 to do sha256. I have this running in > production on a Fedora Core 3 box, and was able to accomplish it by > building and installing the openssl 0.9.8 libraries and header files > into a separate directory, like /usr/openssl-0.9.8e: > ./Configure -DSSL_ALLOW_ADH -DSHA256_ASM --prefix=/usr/openssl-0.9.8e > --openssldir=/usr/openssl-0.9.8e/share/openssl linux-elf shared > make install build-shared > --- CUT --- > FWIW, I have built my production verification systems to support both > rsa-sha1 and sha256, while I am intentionally running my signing systems > in rsa-sha1 mode for maximum backward compatibility with systems like > your's. This is done using the -S dkim-filter parameter, or the > SignatureAlgorithm dkim-filter.conf parameter. > Thanks for the info. That sure saves some time if I want to go that route but regardless I will also use rsa-sha1 to be compatible with more systems.
What I was really trying to get at though is that if distributions decide to add this today and make it easier for people to install (RPM, etc) then they will end up using the openssl that is included by default. For that reason I was just curious how wide spread the usage of sha256 is used. I was just surprised that sendmail.net would use sha256 when other setups might not work with it and the sendmail.net server is what the docs say to test your setup with. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
