In message <[email protected]>, Matthew Pounse
tt writes:
>
> On 2012/07/08, at 20:29, Matthew Pounsett wrote:
>
> >=20
> > On 2012/07/08, at 20:26, Mark Andrews wrote:
> >=20
> >>=20
> >> One can also build named w/o GOST support if one wants. We =
> statically
> >> link all the engines when building named on Windows.
> >=20
> > Unfortunately the port doesn't provide the config hooks to disable =
> GOST support.
>
> Actually.. how do you go about doing that anyway? I was just taking a =
> look at writing a patch for the port to allow GOST to be turned off, but =
> BIND's configure script doesn't have any information in it about =
> disabling individual ciphers.
All the other ciphers are built into OpenSSL so they don't need configure
options.
./configure --with-gost=no
One can disable individual DNSSEC key algorithms at runtime via named.conf.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
