Hi, when I compile using the -DTEMP_GOST_TLS flag and the enable-GOST flag openssl compiles succesfully. The ssltest fails however. This happens on the current (04-07-2014) master branch, as well as the current (04-07-2014) OpenSSL_1_0_2-stable branch (the only branches I have tested so far with this issue), on a linux-elf platform as well as mingw64 (Windows).
Output during ssltest: Testing GOST-GOST94 Available compression methods: NONE ERROR in CLIENT 1075452872:error:140830B5:SSL routines:ssl3_client_hello:no ciphers available:s3_clnt.c:863: SSLv3, cipher (NONE) (NONE) 1 handshakes of 256 bytes done Failed GOST-GOST94 It fails ssltest on GOST-MD5 as well: $./ssltest -cipher "GOST-MD5" Available compression methods: NONE ERROR in CLIENT 3076066056:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:522: TLSv1.2, cipher (NONE) (NONE) 1 handshakes of 256 bytes done The GOST ciphers show up in the cipher list, but with 'unknown' fields. $ openssl ciphers -v -l 'ALL' |grep -i gost GOST-GOST94 SSLv3 Kx=RSA Au=RSA Enc=unknown Mac=unknown GOST-MD5 SSLv3 Kx=RSA Au=RSA Enc=unknown Mac=MD5 The GOST engine itself loads without errors: $ openssl engine gost -vvvv -t -c (gost) Reference implementation of GOST engine [gost89, gost89-cnt, md_gost94, gost-mac, gost94, gost2001, gost-mac] [ available ] CRYPT_PARAMS: OID of default GOST 28147-89 parameters (input flags): STRING Am I doing something wrong here, is this expected behaviour, or is the GOST (SSL/TLS) implementation currently broken ? Thanks, Peter Mosmans ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org