mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-29 04:49:44 +01:00
bin mess cleanup contibued
This commit is contained in:
parent
49802e8a41
commit
4c52c4121b
@ -1,96 +0,0 @@
|
||||
|
||||
Compiling and Usage Instructions
|
||||
================================
|
||||
|
||||
The precompiled binaries provided here have extended support for everything
|
||||
which is normally not configured to be compiled (40+56 Bit, export/ANON ciphers, weak DH ciphers,
|
||||
SSLv2 etc.) -- all the dirty features needed for testing. OTOH the binaries also come with extended support for new / advanced cipher suites and/or features which are not (yet?) in the official branch.
|
||||
|
||||
The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
|
||||
from Peter Mosmans. He has patched the master git branch
|
||||
to support CHACHA20 + POLY1305 and other ciphers like CAMELIA 256 Bit.
|
||||
|
||||
The binary ``openssl-1.0.2pm.darwin.64``, based on Peter Mosmans 1.0.2b-dev, was borrowed with permission from Julien Vehent's cipherscan.
|
||||
|
||||
|
||||
|
||||
General
|
||||
-------
|
||||
|
||||
Both 64+32 bit Linux binaries were compiled under Ubuntu 12.04 LTS. Likely you
|
||||
cannot use them for older distributions, younger worked in my test environments. I provide
|
||||
for each distributions two sets of binaries:
|
||||
|
||||
* completely statically linked binaries
|
||||
* dynamically linked binaries, additionally with MIT Kerberos support ("krb5" in the name).
|
||||
They provide also KRB5-* and EXP-KRB5-* support (in OpenSSL terminology, see krb5-ciphers.txt).
|
||||
|
||||
For the latter you need a whopping bunch of kerberos runtime libraries which you maybe need to
|
||||
install from your distributor (libgssapi_krb5, libkrb5, libcom_err, libk5crypto, libkrb5support,
|
||||
libkeyutils). The 'static' binaries do not have MIT kerberos support as there are no
|
||||
static kerberos libs and I did not bother to compile them from the sources.
|
||||
|
||||
|
||||
Compilation instructions
|
||||
------------------------
|
||||
|
||||
If you want to compile OpenSSL yourself, here are the instructions:
|
||||
|
||||
1.) get openssl from Peter Mosmans' repo:
|
||||
|
||||
git clone https://github.com/PeterMosmans/openssl
|
||||
cd openssl
|
||||
|
||||
2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/openssl-bins/make-openssl.sh)
|
||||
|
||||
**for 64Bit including Kerberos ciphers:**
|
||||
|
||||
./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
|
||||
enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
|
||||
enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \
|
||||
--with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
|
||||
|
||||
**for 64Bit, static binaries:**
|
||||
|
||||
./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
|
||||
enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
|
||||
enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \
|
||||
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
|
||||
|
||||
**for 32 Bit including Kerberos ciphers:**
|
||||
|
||||
./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
|
||||
enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
|
||||
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
|
||||
--with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
|
||||
|
||||
**for 32 Bit, static binaries:**
|
||||
|
||||
./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
|
||||
enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
|
||||
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
|
||||
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
|
||||
|
||||
Two GOST [1][2] ciphers (``GOST-GOST94``, ``GOST-MD5``) come with ``-DTEMP_GOST_TLS``, four additional come via openssl engine. ``-DTEMP_GOST_TLS`` on earlier versions of openssl broke things.
|
||||
|
||||
So the difference you maybe spotted: If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT" (see examples).
|
||||
If you have another Kerberos flavor you would need to figure out by yourself.
|
||||
|
||||
3.) make depend
|
||||
|
||||
4.) make
|
||||
|
||||
5.) make report (check whether it runs ok!)
|
||||
|
||||
6.) "./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists now for me
|
||||
* 193(+4 GOST) ciphers -- including kerberos
|
||||
* 179(+4 GOST) ciphers without kerberos
|
||||
|
||||
as opposed to 111/109 from Ubuntu or Opensuse.
|
||||
|
||||
**Never use these binaries for anything other than testing**
|
||||
|
||||
Enjoy, Dirk
|
||||
|
||||
[1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29
|
||||
[2] http://fossies.org/linux/openssl/engines/ccgost/README.gost
|
Loading…
Reference in New Issue
Block a user