Hi All,
I am looking for details on options used to disable or remove unwanted
ciphers, components while openssl building. This is for OpenSSL 1.0.2h. I
am seeing many things on internet. But most of them have minimum
explanation, please can you tell me is there any link that I can refer.
Regards
OpenSSL - Dev mailing list wrote
>>@Victor; Are you saying so that the patches that enabled the GOST
> ciphersuite be added are not included in openSSL? If so, would that
> mean
> it's not possible for me to fork off openSSL and follow the GOST
> template?
>
> Not quite. He’s
On Mon, Oct 23, 2017 at 4:54 PM, Salz, Rich via openssl-dev <
openssl-dev@openssl.org> wrote:
> ➢ Really, about a ten years ago, when we first developed GOST engine, we
> have made patches, that allow to add ciphersuites dynamically.
> Unfortunately, that time core team haven't accepted th
>@Victor; Are you saying so that the patches that enabled the GOST
ciphersuite be added are not included in openSSL? If so, would that mean
it's not possible for me to fork off openSSL and follow the GOST template?
Not quite. He’s saying that adding new crypto to TLS requires
➢ Really, about a ten years ago, when we first developed GOST engine, we
have made patches, that allow to add ciphersuites dynamically.
Unfortunately, that time core team haven't accepted these patches.
Do you still have them available? We might make a different choice now …
--
open
Thanks for the replies guys.
I'm happy enough to work on a separate fork. This is a research endevour so
it's not critical that I get something integrated into the master openSSL
branch. I don't see there being a significant enough user base anyway for
anything to get added into core libssl.
@Vic
On Mon, 23 Oct 2017 04:51:01 -0700 (MST)
APOB83 wrote:
> Hi,
>
> I've noticed the following statement in another thread here...
>
> *May I suggest you have a look at the GOST engine? It does implement
> the algorithm entirely in the engine. The only things added in the
> OpenSSL code are th
On 23/10/17 12:51, APOB83 wrote:
> Hi,
>
> I've noticed the following statement in another thread here...
>
> *May I suggest you have a look at the GOST engine? It does implement
> the algorithm entirely in the engine. The only things added in the
> OpenSSL code are the OIDs (not strictly n
Hi,
I've noticed the following statement in another thread here...
*May I suggest you have a look at the GOST engine? It does implement
the algorithm entirely in the engine. The only things added in the
OpenSSL code are the OIDs (not strictly necessary) and the TLS
ciphersuites (I don't thin
