Hi,
When I compile using the -DTEMP_GOST_TLS flag and the enable-GOST flag
openssl compiles successfully. The ssltest fails however. This happens on
the current (04-07-2014) master branch, as well as the current
(04-07-2014) OpenSSL_1_0_2-stable branch (the only branches I have
tested so far with this issue), on a linux-elf platform as well as
mingw64 (Windows).
Output during ssltest:
Testing GOST-GOST94
Available compression methods:
NONE
ERROR in CLIENT
1075452872:error:140830B5:SSL routines:ssl3_client_hello:no ciphers available:s3_clnt.c:863:
SSLv3, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
Failed GOST-GOST94
It fails ssltest on GOST-MD5 as well:
$./ssltest -cipher GOST-MD5
Available compression methods:
NONE
ERROR in CLIENT
3076066056:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:522:
TLSv1.2, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
The GOST ciphers show up in the cipher list, but with 'unknown' fields.
$ openssl ciphers -v -l 'ALL' |grep -i gost
GOST-GOST94 SSLv3 Kx=RSA Au=RSA Enc=unknown Mac=unknown
GOST-MD5 SSLv3 Kx=RSA Au=RSA Enc=unknown Mac=MD5
The GOST engine itself loads without errors:
$ openssl engine gost - -t -c
(gost) Reference implementation of GOST engine
[gost89, gost89-cnt, md_gost94, gost-mac, gost94, gost2001, gost-mac]
[ available ]
CRYPT_PARAMS: OID of default GOST 28147-89 parameters
(input flags): STRING
Am I doing something wrong here, is this expected behaviour, or is the
GOST (SSL/TLS) implementation currently broken?
Thanks,
Peter Mosmans
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org