Closed tomato42 closed 9 years ago
ok, I think I've got it
it's necessary to add --openssldir=./
to ./Configure
, and then create in CWD openssl.cnf
file with following contents:
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
Could you add this to README?
Am 24. Mai 2015 16:03:46 MESZ, schrieb Hubert Kario notifications@github.com:
I've built openssl using the 24d8376b27ea commit, and I'm unable to enable the GOST ciphers.
I've built it like this:
./Configure linux-x86_64 enable-static-engine \ enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc5 enable-rfc3779\ enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake \ no-zlib-dynamic make depend make
Unfortunately, openssl doesn't report the ciphers as enabled/available:
$ ./apps/openssl ciphers ALL:COMPLEMENTOFALL:aGOST | grep GOST || echo failure failure
Reply to this email directly or view it on GitHub: https://github.com/PeterMosmans/openssl/issues/20
GOST support comes via engine. You need to write a config file for it and e.g load it via OPENSSL_CNF=myconfigfile. See e.g code of testssl.sh .
B, Dirk
ah, yeah, the OPENSSL_CONF
may be an even better workaround, thanks @drwetter !
Thanks @tomato42, I'll add this to the readme.
Added in fb786ae98487bfecd73a6b1c1aea074002538e27
I've built openssl using the 24d8376b27ea commit, and I'm unable to enable the GOST ciphers.
I've built it like this:
Unfortunately, openssl doesn't report the ciphers as enabled/available: