On Wednesday 31 December 2014, Kapetanakis Giannis wrote:
> On 31/12/14 11:29, Joel Sing wrote:
> >> Well I've already made it working last night by adding a check
> >> for SSL_CTX_need_tmp_RSA before calling SSL_CTX_set_tmp_rsa
> >
> > Excellent. You might want to see if you can get that upstream.
>
> Yes, I've subscribed to their list and sent it already.

Thanks.

> >> So if I get it right, since I'm using HIGH ciphersuite I will never need
> >> an ephemeral RSA key, correct?
> >
> > Correct - LibreSSL no longer has any export ciphersuites and no longer
> > supports ephemeral RSA keys.
>
> I'm a bit confused with LibreSSL. Has it already replaced OpenSSL in
> OpenBSD?
> radiusd is linked with libssl and libcrypto. Are these from OpenSSL or
> LibreSSL?
> I thought LibreSSL is libtls/libressl
> (http://www.openbsd.org/faq/current.html#20141031)

The libssl/libcrypto in OpenBSD 5.6 is LibreSSL.

Quoting www.libressl.org, LibreSSL is composed of four parts:

1. The openssl(1) utility, which provides tools for managing keys, 
certificates, etc.
2. libcrypto: a library of cryptography fundamentals
3. libssl: a TLS library, backwards-compatible with OpenSSL
4. libtls: a new TLS library, designed to make it easier to write foolproof 
applications

We renamed libressl to libtls to avoid confusion on that front :)

> >> Is there a case where that SSL_CTX_need_tmp_RSA() will be true?
> >
> > Not if you are using LibreSSL (or BoringSSL) - from s3_lib.c:
> >
> >          case SSL_CTRL_NEED_TMP_RSA:
> >                  ret = 0;
> >                  break;
> >          case SSL_CTRL_SET_TMP_RSA:
> >          case SSL_CTRL_SET_TMP_RSA_CB:
> >                  SSLerr(SSL_F_SSL3_CTRL,
> >                      ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
> >                  break;
> >
> >> SSL_OP_EPHEMERAL_RSA is not defined anywhere.
> >
> > So presumably it was added so that they could support export cipher
> > suites... the commit message that added the code appears to be useless
> > though:
> >
> > http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff;h=12b7f6efb1bbf6c70061d590a5ddfb1f71b0fefd



-- 

    "Action without study is fatal. Study without action is futile."
        -- Mary Ritter Beard
