Hi Casper, On Tue, Aug 29, 2017 at 03:22:38PM +0200, casper....@oracle.com wrote: > I recently run into the same problem as Jens Neuhalfen has reported > more than a year ago in this mailing list. > > As I was somewhat confused why the shipped Solaris openssl version failed, > I looked into that issue as I also wanted to run a recent > openvpn on Solaris 11.x.
Oh. That's the bit I missed - I tried reproducing it with various openssl versions, but my OpenSolaris test VM is so old that the *shipped* version didn't have GCM support yet... > After I figured out where we went wrong, I filed: > > 26336744 Solaris specific cleanup code breaks gcm_aes for, e.g., openvpn > > which has now been fixed in oracle solaris-userland on git hub > > https://github.com/oracle/solaris-userland/tree/master/components/openssl Cool, thanks a lot! > It cannot say exactly when it will be in Solaris 11.3 SRU (patch) release. > > Current workaround is disabling AES-GCM for openvpn but that should not be > needed in the future. Is there a way to reliably detect this issue from a test program (or by looking at system versions, like "uname")? It might be worth adding a configure test so users won't run into it ("AES-GCM disabled due to bug 26336744 in Solaris OpenSSL"). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel