To ensure compliance with high security environments, I would like to build my copy of openssl without support for the LOW and MEDIUM ciphers. After reviewing the various cipher and config options, I decided to use the following configuration:
./config zlib shared no-RC2 no-RC4 no-SEED no-IDEA no-DES This command line was acceptable to configure, but unfortunately the actual build process fails. Disabling any cipher results in a fatal error to the build when completing the make in ./crypto/(cipher). It appears to be a "bug" that the options to config are not correctly implemented to produce clean builds. It may also be that I am trying a configuration that was never expected, yet I believe is a reasonable choice. In that case this is perhaps an enhancement request - which could be implemented in a later version, and hopefully with a better UI, like "no-LOW no-MEDIUM". Certainly the DES choice should require very careful enhancements to the source, such that "des" would be disabled yet "des3" would still be supported. I do not have an answer for this mess at this time. If there is a solution in the configure or make steps of which I am not aware, please feel free to send me the information and I will test it. Thanks. Roch Skelton, PMP Security Administrator, HMS Host, Inc W: (240) 694-4110 C: (703) 945-0511 roch.skel...@hmshost.com _________________________ This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
|
To ensure compliance with high security environments, I
would like to build my copy of openssl without support for the LOW and MEDIUM
ciphers. After reviewing the various cipher and config options, I decided to use
the following configuration: ./config zlib shared no-RC2 no-RC4
no-SEED no-IDEA no-DES This command line was acceptable to configure, but
unfortunately the actual build process fails. Disabling any cipher results in a
fatal error to the build when completing the make in ./crypto/(cipher). It appears to be a “bug” that the options to
config are not correctly implemented to produce clean builds. It may also be
that I am trying a configuration that was never expected, yet I believe is a
reasonable choice. In that case this is perhaps an enhancement request –
which could be implemented in a later version, and hopefully with a better UI,
like “no-LOW no-MEDIUM”. Certainly the DES choice should require
very careful enhancements to the source, such that “des” would be
disabled yet “des3” would still be supported. I do not have an
answer for this mess at this time. If there is a solution in the configure or
make steps of which I am not aware, please feel free to send me the information
and I will test it. Thanks. Roch Skelton, PMP Security Administrator, HMS Host, Inc W: (240) 694-4110 C: (703) 945-0511 roch.skel...@hmshost.com _________________________ |
