From 250a6755a84bec0e71b00f29b768db3418c623a6 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Thu, 5 Feb 2015 09:22:01 +0100 Subject: [PATCH] Update Readme.md new stable 1.0.2 branch, also with 4 more ciphers --- .../openssl-1.0.2-chacha.pm/Readme.md | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md b/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md index 16f15a1..acd1ed5 100644 --- a/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md +++ b/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md @@ -19,8 +19,7 @@ work for me work correctly, it's also likely they'll disappear shortly General ------- -* 64 bit versions were compiled under Opensuse 12.3 -* 32 bit versions were compiled under Ubuntu 12.04 LTS +* 64+32 bit versions were compiled under Ubuntu 12.04 LTS Likely you cannot use older distributions, younger should work. I provide for each distributions two sets of binaries: @@ -47,23 +46,37 @@ If you want to compile OpenSSL yourself, here are the instructions: 2.) configure the damned thing. Options I used: -**for 64Bit:** +**for 64Bit including Kerberos ciphers:** ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \ --with-krb5-flavor=MIT experimental-jpake + +**for 64Bit, static binaries:** -**for 32 Bit:** + ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ + enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ + enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \ + -static experimental-jpake + +**for 32 Bit including Kerberos ciphers:** ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \ --with-krb5-flavor=MIT experimental-jpake + + **for 32 Bit, static binaries:** + + ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ + enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ + enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \ + -static experimental-jpake Don't use -DTEMP_GOST_TLS, it currently breaks things and it is not needed for general GOST [1] support. -If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT". If you have other Kerberos flavors you need to figure out by yourself. +If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT" (see examples). If you have other Kerberos flavors you need to figure out by yourself. 3.) make depend @@ -72,8 +85,8 @@ If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--w 5.) make report (check whether it runs ok) 6.) "./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists now for me -* 187(+4 GOST) ciphers -- including kerberos -* 173(+4 GOST) ciphers without kerberos +* 191(+4 GOST) ciphers -- including kerberos +* 177(+4 GOST) ciphers without kerberos as opposed to 111/109 from Ubuntu or Opensuse.