Hello list gurus,
for my embedded system, I want to have an OpenSSL lib with only the
bare necessary functionality to speak with its home station. So I
decided to only support TLSv1, and (in accordance with Rescorla's
recommendation on p.142) only RSA, RC4 and SHA-1.
Now the OpenSSL Configure script (version 0.9.7g) has for TLSv1 (and for
SSLv3 the requirements are even wider):
    $no_tls1=1 if ($no_md5 || $no_sha);
    $no_tls1=1 if ($no_dh);
So, even if we only want RSA and RC4 and SHA-1, I must still configure
MD5 and DH. I succeed in disabling DSA, DES and AES (although these
require insertion of some #ifndef OPENSSL_NO_DES etc.), but I cannot
disable ASN1 or PKCS7.
Questions:
Why cannot TLSv1 run without MD5 or DH?
Why cannot I configure out ASN1 or PKCS7?
Thanks for the enlightenment,
Rutger Hofman
Amsterdam