Re: [DNG] Install OpenSSL (libssl, libcrypto) with weak ciphers
On 21/7/21 23:04, aitor wrote: *libssl1.1* provides both libssl and libcrypto shared libraries. Better said: /usr/lib/x86_64-linux-gnu/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Install OpenSSL (libssl, libcrypto) with weak ciphers
Hi Mike, On 21/7/21 15:20, Mike Tubby wrote: Hi All, I appear to have a problem with OpenSSL and lack of support for weak ciphers, i.e. DES and 3DES ... I am trying to migrate a legacy system from Ubuntu 16.04 to Devuan 3.0 where we have mobile IoT devices based on Cinterion TC65i that are 10+ years old with a limited sub-set of SSL 3.0/TLS 1.0 ciphers in its Java-ME runtime, in particular we need DES/3DESciphers like RSA-3DES-CBC-SHA I have pulled the source package for openssl-1.1.1d and recompiled with configure option --enable-weak-ssl-ciphers that has left we with a new libssl and a mixture of .deb files and .udeb files: root@webmin1:/home/chris/openssl# ls -l total 20364 -rw-r--r-- 1 chris chris 1092008 Jul 21 13:41 libcrypto1.1-udeb_1.1.1d-0+deb10u6_amd64.udeb -rw-r--r-- 1 chris chris 1539476 Jul 21 13:41 libssl1.1_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 chris chris 4024572 Jul 21 13:41 libssl1.1-dbgsym_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 chris chris 191008 Jul 21 13:41 libssl1.1-udeb_1.1.1d-0+deb10u6_amd64.udeb -rw-r--r-- 1 chris chris 1794312 Jul 21 13:41 libssl-dev_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 chris chris 1722936 Jul 21 13:41 libssl-doc_1.1.1d-0+deb10u6_all.deb drwxr-xr-x 22 chris chris 4096 Jul 21 13:49 openssl-1.1.1d -rw-r--r-- 1 chris chris 6574 Jul 21 13:41 openssl_1.1.1d-0+deb10u6_amd64.buildinfo -rw-r--r-- 1 chris chris 3724 Jul 21 13:41 openssl_1.1.1d-0+deb10u6_amd64.changes -rw-r--r-- 1 chris chris 844036 Jul 21 13:41 openssl_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 root root 99740 Mar 23 20:54 openssl_1.1.1d-0+deb10u6.debian.tar.xz -rw-r--r-- 1 root root 2472 Mar 23 20:54 openssl_1.1.1d-0+deb10u6.dsc drwxr-xr-x 20 root root 4096 Jul 21 11:51 openssl-1.1.1d.orig -rw-r--r-- 1 root root 8845861 Sep 14 2019 openssl_1.1.1d.orig.tar.gz -rw-r--r-- 1 root root 488 Sep 14 2019 openssl_1.1.1d.orig.tar.gz.asc -rw-r--r-- 1 chris chris 650980 Jul 21 13:41 openssl-dbgsym_1.1.1d-0+deb10u6_amd64.deb root@webmin1:/home/chris/openssl# I don't appear to get a new libcrypto1.1-udeb_1.1.1d-0+deb10u6_amd64.deb but a udeb file instead that will not install. What am I missing *libssl1.1* provides both libssl and libcrypto shared libraries. Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Install OpenSSL (libssl, libcrypto) with weak ciphers
On Wed, Jul 21, 2021 at 02:20:50PM +0100, Mike Tubby wrote: > I am trying to migrate a legacy system from Ubuntu 16.04 to Devuan 3.0 where > we have mobile IoT devices based on Cinterion TC65i that are 10+ years old > with a limited sub-set of SSL 3.0/TLS 1.0 ciphers in its Java-ME runtime, in > particular we need DES/3DESciphers like RSA-3DES-CBC-SHA There's an easier way. Just install the openssl packages already provided in Devuan 3. Edit /etc/ssl/openssl.cnf, and change the last line from: CipherString = DEFAULT@SECLEVEL=2 to: CipherString = DEFAULT@SECLEVEL=1 This will weaken the security of your ssl connections, but it sounds like you are already prepared to accept that risk. Greg -- web site: http://www.gregn.net gpg public key: http://www.gregn.net/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) If we haven't been in touch before, e-mail me before adding me to your contacts. -- Free domains: http://www.eu.org/ or mail dns-mana...@eu.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Install OpenSSL (libssl, libcrypto) with weak ciphers
Hi All, I appear to have a problem with OpenSSL and lack of support for weak ciphers, i.e. DES and 3DES ... I am trying to migrate a legacy system from Ubuntu 16.04 to Devuan 3.0 where we have mobile IoT devices based on Cinterion TC65i that are 10+ years old with a limited sub-set of SSL 3.0/TLS 1.0 ciphers in its Java-ME runtime, in particular we need DES/3DESciphers like RSA-3DES-CBC-SHA I have pulled the source package for openssl-1.1.1d and recompiled with configure option --enable-weak-ssl-ciphers that has left we with a new libssl and a mixture of .deb files and .udeb files: root@webmin1:/home/chris/openssl# ls -l total 20364 -rw-r--r-- 1 chris chris 1092008 Jul 21 13:41 libcrypto1.1-udeb_1.1.1d-0+deb10u6_amd64.udeb -rw-r--r-- 1 chris chris 1539476 Jul 21 13:41 libssl1.1_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 chris chris 4024572 Jul 21 13:41 libssl1.1-dbgsym_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 chris chris 191008 Jul 21 13:41 libssl1.1-udeb_1.1.1d-0+deb10u6_amd64.udeb -rw-r--r-- 1 chris chris 1794312 Jul 21 13:41 libssl-dev_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 chris chris 1722936 Jul 21 13:41 libssl-doc_1.1.1d-0+deb10u6_all.deb drwxr-xr-x 22 chris chris 4096 Jul 21 13:49 openssl-1.1.1d -rw-r--r-- 1 chris chris 6574 Jul 21 13:41 openssl_1.1.1d-0+deb10u6_amd64.buildinfo -rw-r--r-- 1 chris chris 3724 Jul 21 13:41 openssl_1.1.1d-0+deb10u6_amd64.changes -rw-r--r-- 1 chris chris 844036 Jul 21 13:41 openssl_1.1.1d-0+deb10u6_amd64.deb -rw-r--r-- 1 root root 99740 Mar 23 20:54 openssl_1.1.1d-0+deb10u6.debian.tar.xz -rw-r--r-- 1 root root 2472 Mar 23 20:54 openssl_1.1.1d-0+deb10u6.dsc drwxr-xr-x 20 root root 4096 Jul 21 11:51 openssl-1.1.1d.orig -rw-r--r-- 1 root root 8845861 Sep 14 2019 openssl_1.1.1d.orig.tar.gz -rw-r--r-- 1 root root 488 Sep 14 2019 openssl_1.1.1d.orig.tar.gz.asc -rw-r--r-- 1 chris chris 650980 Jul 21 13:41 openssl-dbgsym_1.1.1d-0+deb10u6_amd64.deb root@webmin1:/home/chris/openssl# I don't appear to get a new libcrypto1.1-udeb_1.1.1d-0+deb10u6_amd64.deb but a udeb file instead that will not install. What am I missing? Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng