Re: GOST in OPENSSL_BASE

2016-11-01 Thread Slawa Olhovchenkov
On Mon, Jul 18, 2016 at 12:39:46PM -0400, Jung-uk Kim wrote: > On 07/18/16 08:12 AM, Mathieu Arnold wrote: > > Hi, > > > > +--On 11 juillet 2016 22:56:00 +0300 Slawa Olhovchenkov > > wrote: > > | On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote: > > |> > .if (

Re: GOST in OPENSSL_BASE

2016-07-18 Thread Jung-uk Kim
On 07/18/16 08:12 AM, Mathieu Arnold wrote: > Hi, > > +--On 11 juillet 2016 22:56:00 +0300 Slawa Olhovchenkov > wrote: > | On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote: > |> > .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && > |> > ${SSL_DEFAULT} ==

Re: GOST in OPENSSL_BASE

2016-07-18 Thread Mathieu Arnold
Hi, +--On 11 juillet 2016 22:56:00 +0300 Slawa Olhovchenkov wrote: | On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote: |> > .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && |> > ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not |> >

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Kevin Oberman
On Tue, Jul 12, 2016 at 5:33 AM, Daniel Kalchev wrote: > > > On 12.07.2016 г., at 13:26, Franco Fichtner > wrote: > > > > > >> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev wrote: > >> > >> It is trivial to play MITM with this protocol

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Daniel Kalchev
> On 12.07.2016 г., at 13:26, Franco Fichtner wrote: > > >> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev wrote: >> >> It is trivial to play MITM with this protocol and in fact, there are >> commercially available “solutions” for “securing one’s

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Andrey Chernov
On 12.07.2016 12:59, Daniel Kalchev wrote: > The standard HTTPS implementation is already sufficiently broken, with the > door wide open by the concept of “multiple CAs”. The protocol design is > flawed, as any CA can issue certificate for any site. Applications are > required to trust that

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Franco Fichtner
> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev wrote: > > It is trivial to play MITM with this protocol and in fact, there are > commercially available “solutions” for “securing one’s corporate network” > that does exactly that. Some believe this is with the knowledge and

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Franco Fichtner
> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev wrote: > > It is trivial to play MITM with this protocol and in fact, there are > commercially available “solutions” for “securing one’s corporate network” > that does exactly that. Some believe this is with the knowledge and

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Daniel Kalchev
> On 12.07.2016 г., at 12:12, Matthew Seaman wrote: > > I'm also curious as to how far these regulations are supposed to extend. > Presumably traffic which is merely transiting Russian territory isn't > covered, at least in a practical sense. How about people from Russia >

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Andrey Chernov
On 12.07.2016 12:16, Andrey Chernov wrote: > On 12.07.2016 8:48, Kevin Oberman wrote: >> >> May be need file PR for dns/bind910? >> >> >> >> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile >> >> .include <bsd.port.pre.mk>> >> >> >> >> .if (

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Andrey Chernov
On 12.07.2016 8:48, Kevin Oberman wrote: > >> May be need file PR for dns/bind910? > >> > >> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile > >> .include <bsd.port.pre.mk>> > >> > >> .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && >

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Matthew Seaman
On 07/12/16 06:48, Kevin Oberman wrote: > In case people are not aware of it, Russian law now requires ALL encrypted > traffic must either be accessible by the FSB or that the private keys must > be available to the FSB. I have always assumed that GOST has a hidden > vulnerability/backdoor that

Re: GOST in OPENSSL_BASE

2016-07-12 Thread Kevin Oberman
On Mon, Jul 11, 2016 at 3:51 PM, Andrey Chernov wrote: > On 12.07.2016 1:44, Andrey Chernov wrote: > > On 11.07.2016 21:41, Slawa Olhovchenkov wrote: > >> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote: > >> > >>> On 07/10/16 10:10 AM, Andrey Chernov wrote: >

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Andrey Chernov
On 12.07.2016 1:44, Andrey Chernov wrote: > On 11.07.2016 21:41, Slawa Olhovchenkov wrote: >> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote: >> >>> On 07/10/16 10:10 AM, Andrey Chernov wrote: On 10.07.2016 16:30, Slawa Olhovchenkov wrote: > I am surprised lack of support

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Andrey Chernov
On 11.07.2016 21:41, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote: > >> On 07/10/16 10:10 AM, Andrey Chernov wrote: >>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: I am surprised lack of support GOST in openssl-base. Can be this enabled

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Andrey Chernov
On 11.07.2016 23:13, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote: > >> On 11.07.2016 19:29, Slawa Olhovchenkov wrote: >>> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: >>> On Mon, Jul 11, 2016, at 05:29, Slawa

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Slawa Olhovchenkov
On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote: > On 11.07.2016 19:29, Slawa Olhovchenkov wrote: > > On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: > > > >> > >> > >> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: > >>> > >>> I.e. GOST will be available

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Slawa Olhovchenkov
On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote: > On 07/11/16 02:41 PM, Slawa Olhovchenkov wrote: > > On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote: > > > >> On 07/10/16 10:10 AM, Andrey Chernov wrote: > >>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: > I am

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Jung-uk Kim
On 07/11/16 02:41 PM, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote: > >> On 07/10/16 10:10 AM, Andrey Chernov wrote: >>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: I am surprised lack of support GOST in openssl-base. Can be this enabled

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Slawa Olhovchenkov
On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote: > On 07/10/16 10:10 AM, Andrey Chernov wrote: > > On 10.07.2016 16:30, Slawa Olhovchenkov wrote: > >> I am surprised lack of support GOST in openssl-base. > >> Can be this enabled before 11.0 released? > > > > AFAIK openssl maintainers

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Jung-uk Kim
On 07/10/16 10:10 AM, Andrey Chernov wrote: > On 10.07.2016 16:30, Slawa Olhovchenkov wrote: >> I am surprised lack of support GOST in openssl-base. >> Can be this enabled before 11.0 released? > > AFAIK openssl maintainers says something like they can't support this > code and it will become

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Jung-uk Kim
On 07/10/16 09:30 AM, Slawa Olhovchenkov wrote: > I am surprised lack of support GOST in openssl-base. > Can be this enabled before 11.0 released? It works for me, I think. The following change was all I need to enable the engine: --- /etc/ssl/openssl.cnf.orig +++ /etc/ssl/openssl.cnf @@ -13,6

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Andrey Chernov
On 11.07.2016 19:29, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: > >> >> >> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: >>> >>> I.e. GOST will be available in openssl. >>> Under BSD-like license. >>> Can be this engine import in base

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Kurt Jaeger
Hi! > > I.e. GOST will be available in openssl. > > Under BSD-like license. > > Can be this engine import in base system and enabled at time 1.1.0? > > And can be GOST enabled now? > I think the wrong question is being asked here. Instead we need to focus > on decoupling openssl from base so

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Mark Felder
On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: > > I.e. GOST will be available in openssl. > Under BSD-like license. > Can be this engine import in base system and enabled at time 1.1.0? > And can be GOST enabled now? > I think the wrong question is being asked here. Instead we

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Slawa Olhovchenkov
On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: > > > On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: > > > > I.e. GOST will be available in openssl. > > Under BSD-like license. > > Can be this engine import in base system and enabled at time 1.1.0? > > And can be GOST

Re: GOST in OPENSSL_BASE

2016-07-11 Thread Slawa Olhovchenkov
On Sun, Jul 10, 2016 at 06:28:04PM +0300, Andrey Chernov wrote: > On 10.07.2016 18:13, Andrey Chernov wrote: > > On 10.07.2016 18:12, Andrey Chernov wrote: > >> On 10.07.2016 18:01, Slawa Olhovchenkov wrote: > >>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: > >>> > On

Re: GOST in OPENSSL_BASE

2016-07-10 Thread Andrey Chernov
On 10.07.2016 18:28, Andrey Chernov wrote: > On 10.07.2016 18:13, Andrey Chernov wrote: >> On 10.07.2016 18:12, Andrey Chernov wrote: >>> On 10.07.2016 18:01, Slawa Olhovchenkov wrote: On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: > On 10.07.2016 16:30, Slawa

Re: GOST in OPENSSL_BASE

2016-07-10 Thread Andrey Chernov
On 10.07.2016 18:13, Andrey Chernov wrote: > On 10.07.2016 18:12, Andrey Chernov wrote: >> On 10.07.2016 18:01, Slawa Olhovchenkov wrote: >>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: >>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: > I am surprised lack of support

Re: GOST in OPENSSL_BASE

2016-07-10 Thread Andrey Chernov
On 10.07.2016 18:12, Andrey Chernov wrote: > On 10.07.2016 18:01, Slawa Olhovchenkov wrote: >> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: >> >>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: I am surprised lack of support GOST in openssl-base. Can be this enabled

Re: GOST in OPENSSL_BASE

2016-07-10 Thread Andrey Chernov
On 10.07.2016 18:01, Slawa Olhovchenkov wrote: > On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: > >> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: >>> I am surprised lack of support GOST in openssl-base. >>> Can be this enabled before 11.0 released? >> >> AFAIK openssl

Re: GOST in OPENSSL_BASE

2016-07-10 Thread Slawa Olhovchenkov
On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: > On 10.07.2016 16:30, Slawa Olhovchenkov wrote: > > I am surprised lack of support GOST in openssl-base. > > Can be this enabled before 11.0 released? > > AFAIK openssl maintainers says something like they can't support this > code

GOST in OPENSSL_BASE

2016-07-10 Thread Slawa Olhovchenkov
I am surprised by the lack of GOST support in openssl-base. Can this be enabled before 11.0 is released?

Subject: svn commit: r412619 - in head/dns: bind9-devel bind910 bind99
Author: mat
Date: Wed Apr 6 13:53:09 2016
New Revision: 412619
URL: https://svnweb.freebsd.org/changeset/ports/412619
Log: