In message <6a477852-8c67-421a-850c-7144a37b8...@conundrum.com>, Matthew Pounse tt writes: > > On 2012/07/08, at 20:29, Matthew Pounsett wrote: > > >=20 > > On 2012/07/08, at 20:26, Mark Andrews wrote: > >=20 > >>=20 > >> One can also build named w/o GOST support if one wants. We = > statically > >> link all the engines when building named on Windows. > >=20 > > Unfortunately the port doesn't provide the config hooks to disable = > GOST support. > > Actually.. how do you go about doing that anyway? I was just taking a = > look at writing a patch for the port to allow GOST to be turned off, but = > BIND's configure script doesn't have any information in it about = > disabling individual ciphers.
All the other ciphers are built into OpenSSL so they don't need configure options. ./configure --with-gost=no One can disable individual DNSSEC key algorithms at runtime via named.conf. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users