> [[email protected] - Thu May 20 09:34:25 2010]:
>
> To ensure compliance with high security environments, I would like to
> build my copy of openssl without support for the LOW and MEDIUM
> ciphers. After reviewing the various cipher and config options, I
> decided to use the following configuration:
>
> ./config zlib shared no-RC2 no-RC4 no-SEED no-IDEA no-DES
>
> This command line was acceptable to configure, but unfortunately the
> actual build process fails. Disabling any cipher results in a fatal
> error to the build when completing the make in ./crypto/(cipher).
>
> It appears to be a "bug" that the options to config are not correctly
> implemented to produce clean builds. It may also be that I am trying a
> configuration that was never expected, yet I believe is a reasonable
> choice. In that case this is perhaps an enhancement request - which
> could be implemented in a later version, and hopefully with a better
> UI, like "no-LOW no-MEDIUM". Certainly the DES choice should require
> very careful enhancements to the source, such that "des" would be
> disabled yet "des3" would still be supported. I do not have an answer
> for this mess at this time. If there is a solution in the configure or
> make steps of which I am not aware, please feel free to send me the
> information and I will test it.
>
There isn't an option to do that currently. If you just want this to work with SSL/TLS then an appropriate cipher string would work. The "FIPS" string is one possibility.

You may hit some problems if you disable things like RC2. For example PKCS#12 files still commonly encrypt certificates using 40 bit RC2.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
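
The cipher-string approach suggested in the reply, as an added example that is not part of the original thread or of OpenSSL's own code: it applies a restrictive string through Python's ssl module (which wraps the linked OpenSSL) and audits what is actually enabled. The policy string, the 112-bit floor and the helper names are assumptions made for illustration; this restricts SSL/TLS negotiation only and does not remove the algorithms from libcrypto, so PKCS#12 handling is unaffected.

```python
import re
import ssl

# Assumed policy string (not from the thread): HIGH only, no anonymous or
# null suites, and the algorithms the poster tried to compile out.
CIPHER_STRING = "HIGH:!aNULL:!eNULL:!RC2:!RC4:!SEED:!IDEA:!DES"

BANNED_TOKENS = {"RC2", "RC4", "SEED", "IDEA", "NULL", "EXP"}
# OpenSSL reports 3DES as 112 effective bits; this floor keeps it allowed,
# matching the poster's wish to drop "des" but keep "des3".
MIN_STRENGTH_BITS = 112


def is_weak(name, strength_bits):
    """Return True if an OpenSSL suite name violates the policy."""
    tokens = set(re.split(r"[-_]", name.upper()))
    if tokens & BANNED_TOKENS:
        return True
    # Single DES is "DES-CBC-SHA"; triple DES is "DES-CBC3-SHA".
    if "DES" in tokens and "CBC3" not in tokens:
        return True
    return strength_bits < MIN_STRENGTH_BITS


def enabled_ciphers(cipher_string):
    """List (name, strength_bits) for suites enabled by cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c["strength_bits"]) for c in ctx.get_ciphers()]


def audit(ciphers):
    """Return the names in ciphers that the policy rejects."""
    return [name for name, bits in ciphers if is_weak(name, bits)]


# Constructed sample of suite names, used to exercise the audit offline.
CONSTRUCTED_SAMPLE = [
    ("RC4-SHA", 128), ("DES-CBC-SHA", 56), ("DES-CBC3-SHA", 112),
    ("EXP-RC2-CBC-MD5", 40), ("AES256-SHA", 256),
    ("IDEA-CBC-SHA", 128), ("SEED-SHA", 128),
]

if __name__ == "__main__":
    print("rejected in sample:", audit(CONSTRUCTED_SAMPLE))
    live = enabled_ciphers(CIPHER_STRING)
    print(len(live), "suites enabled; violations:", audit(live))
```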
