PeterMosmans / openssl

'Extra featured' OpenSSL with ChaCha20 and Poly1305 support
https://onwebsecurity.com/pages/openssl.html

GOST ciphers not available when built on Linux #20

Closed tomato42 closed 9 years ago

tomato42 commented 9 years ago

I've built openssl using the 24d8376b27ea commit, and I'm unable to enable the GOST ciphers.

I've built it like this:

./Configure linux-x86_64 enable-static-engine \
enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc5 enable-rfc3779 \
enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake \
no-zlib-dynamic
make depend
make

Unfortunately, openssl doesn't report the ciphers as enabled/available:

$ ./apps/openssl ciphers ALL:COMPLEMENTOFALL:aGOST | grep GOST || echo failure
failure
tomato42 commented 9 years ago

ok, I think I've got it

it's necessary to add --openssldir=./ to ./Configure, and then create an openssl.cnf file in the CWD with the following contents:

openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

Could you add this to README?

drwetter commented 9 years ago

On 24 May 2015 16:03:46 MESZ, Hubert Kario notifications@github.com wrote:

I've built openssl using the 24d8376b27ea commit, and I'm unable to enable the GOST ciphers.

I've built it like this:

./Configure linux-x86_64 enable-static-engine \
enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc5 enable-rfc3779 \
enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake \
no-zlib-dynamic
make depend
make

Unfortunately, openssl doesn't report the ciphers as enabled/available:

$ ./apps/openssl ciphers ALL:COMPLEMENTOFALL:aGOST | grep GOST || echo failure
failure

GOST support comes via an engine. You need to write a config file for it and e.g. load it via OPENSSL_CNF=myconfigfile. See e.g. the code of testssl.sh.

B, Dirk
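
The two routes described in this thread combined in one script: the openssl.cnf engine section from tomato42's comment above, loaded through the OPENSSL_CONF environment variable that Dirk's reply points to (spelled OPENSSL_CONF, as tomato42 confirms below), so the binary does not have to be rebuilt with --openssldir. This is an added example written for this page, not code from the repository or from either commenter. It assumes an openssl binary built with enable-gost at ./apps/openssl (override with OPENSSL_BIN); the file name openssl.cnf and the helper names gost_cnf, write_gost_cnf, gost_engine_loaded and gost_available are this example's own.

```shell
#!/bin/sh
# Added example (not from the issue thread): emit the openssl.cnf that loads
# the GOST engine, then point an openssl binary at it via OPENSSL_CONF and
# check whether GOST cipher suites actually show up.
# Assumption: OPENSSL_BIN is an openssl binary configured with enable-gost;
# ./apps/openssl is the in-tree path used in the issue.
OPENSSL_BIN="${OPENSSL_BIN:-./apps/openssl}"

# Print the engine configuration from tomato42's comment to stdout.
gost_cnf() {
  cat <<'EOF'
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
EOF
}

# Write the configuration to the path given as $1 and echo that path back,
# so callers can use it in OPENSSL_CONF="$(write_gost_cnf ./openssl.cnf)".
write_gost_cnf() {
  gost_cnf > "$1" && printf '%s\n' "$1"
}

# Return 0 if the engine named "gost" loads and passes its self-test with the
# config in $1, 1 if it does not, 2 if the binary is not executable.
# (openssl engine -t is the stock sub-command for probing an engine.)
gost_engine_loaded() {
  [ -x "$OPENSSL_BIN" ] || return 2
  OPENSSL_CONF="$1" "$OPENSSL_BIN" engine -t gost 2>/dev/null | grep -q 'available'
}

# Return 0 if GOST cipher suites are reported once the config is loaded
# (the same check the issue reporter ran), 1 if not, 2 if the binary is missing.
gost_available() {
  [ -x "$OPENSSL_BIN" ] || return 2
  OPENSSL_CONF="$1" "$OPENSSL_BIN" ciphers ALL:COMPLEMENTOFALL:aGOST 2>/dev/null \
    | grep -q GOST
}

# Usage: sh gost_check.sh run   (writes ./openssl.cnf in the current directory)
if [ "${1:-}" = "run" ]; then
  cnf=$(write_gost_cnf ./openssl.cnf)
  rc=0
  gost_available "$cnf" || rc=$?
  case "$rc" in
    0) echo "GOST ciphers available with OPENSSL_CONF=$cnf" ;;
    1) echo "engine config loaded but no GOST ciphers reported; was the build configured with enable-gost?" ;;
    *) echo "openssl binary $OPENSSL_BIN not found or not executable" ;;
  esac
fi
```

The exit codes are deliberately distinct so that a build check can tell "engine not compiled in" apart from "config not picked up": a 1 from gost_available with a 0 from gost_engine_loaded means the engine is present but no suites were registered, while a 1 from both means the config file was never read, which is exactly the symptom in the original report.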

tomato42 commented 9 years ago

ah, yeah, the OPENSSL_CONF may be an even better workaround, thanks @drwetter!

PeterMosmans commented 9 years ago

Thanks @tomato42, I'll add this to the readme.

PeterMosmans commented 9 years ago

Added in fb786ae98487bfecd73a6b1c1aea074002538e27