Closed vaygr closed 6 years ago
Thank you, Vlad, for the support request. The primary reason to use PeterMosmans openssl is to use deprecated/insecure ciphers and SSL versions for security scanning. New TLS library implementations (e.g. golang) don't support insecure cipher/SSL versions, and I believe the same is true of LibreSSL. Correct me if I'm wrong.
For portability, we tested it on macOS and Linux natively and have a Docker solution as well. Though not tested, I expect this tool to be easily built on any platform supported by openssl.
Ah, right, I suspected it was the reason. Thanks.
So for packaging for our distro, I can simply re-use that OpenSSL tarball, and, as I tested, the zlib and libevent system libraries work just fine and can be linked against.
Which distro are you referring to?
It's pretty specific, Source Mage.
Thanks!
It'd be great to be able to build tls-scan with LibreSSL as it'll improve portability by a lot.
There are several things here:
- `ASN1_TIME_diff()` in LibreSSL. Some simply backport that function for compatibility.
- `COMP_METHOD` support it needs to have an additional `<openssl/comp.h>` include, but there's no `SSL_COMP_free_compression_methods()` though.
- `SSL_get_server_tmp_key()` and `X509_check_host()` didn't exist in older versions, but as of 2.5.5 they're there.
- `SSLv2_client_method()` was dropped a long time ago as insecure and is not present in any version whatsoever.

Most of these can be resolved by `ifdef`s, I think.