Hello,
I want to disable SSLv3 for a tomcat / tcnative deployment on Windows.
Tomcat lacks the ablitity to disable SSLv3 while retaining TLSv1.1 and
TLSv1.2, so I'm attempting to disable SSLv3 at build time with no-ssl3.
This was successful on Linux, but not on Windows. I was able to build
on Windows with the following procedure.
1.
Install Strawbery perl
2.
Open Visual Studio x64 Cross Tools Command prompt
%comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio
9.0\VC\vcvarsall.bat" x86_amd64
3.
Change to the directory containing openssl sources
cd C:\openssl-1.0.1j
4.
Configure the openssl build
perl Configure VC-WIN64A no-ssl2
5.
Prepare the target environment
ms\do_win64a
6.
Clean up previous compliation
nmake -f ms\nt.mak clean
7.
Build
nmake -f ms\nt.mak
8.
Test the build
nmake -f ms\nt.mak test
Once I add the no-ssl3 option, compilation of the 64-bit static library
fails with the following.
Building OpenSSL
lib /nologo /out:out32\ssleay32.lib
@C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp
link /nologo /subsystem:console /opt:ref /debug
/out:out32\constant_time_test.exe
@C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp
LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib'
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d'
Stop.
I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an
issue with Windows builds?
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ram...@mediture.com
952.400.0323
This e-mail and any attachments may contain CONFIDENTIAL information, including
PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or
disclosure of this information is STRICTLY PROHIBITED; you are requested to
delete this e-mail and any attachments, notify the sender immediately, and
notify the Mediture Privacy Officer atprivacyoffi...@mediture.com.