Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-09 18:20:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

- formatting corrected

Browse Source
This commit is contained in:
Dirk Wetter 2014-07-04 12:15:13 +02:00
parent 68ab11cc12
commit 5cd655eeaa
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
openssl-bins/openssl-1.0.2-chacha.pm/Readme.md
View File

@ -9,8 +9,10 @@ from official OpenSSL git repo doesn't work correctly and is not supported
(https://www.mail-archive.com/openssl-dev@openssl.org/msg34756.html) (https://www.mail-archive.com/openssl-dev@openssl.org/msg34756.html)
>
> $ git clone https://github.com/PeterMosmans/openssl > $ git clone https://github.com/PeterMosmans/openssl
> $ cd openssl > $ cd openssl
>
General instructions General instructions
-------------------- --------------------
@ -19,19 +21,20 @@ General instructions
* 32 bit version was compiled under Ubuntu 12.04 LTS * 32 bit version was compiled under Ubuntu 12.04 LTS
In addition to the binaries statically linked binaries I provide -- except a few In addition to the binaries statically linked binaries I provide -- except a few
libs which are nowadays sometimes hard to link -- I compiled a set of libs which are nowadays sometimes hard to statically link in -- I compiled a set of
dynamic binaries. The catch here are the Kerberos libs: No Linux dynamic binaries. The catch here are the Kerberos libs: No Linux
distributor privides static libs. As of now I feel to lazy to compile distributor privides static libs. As of now I feel to lazy to compile
MIT or KTH from scratch to get statitic libs. MIT or KTH from scratch to get statitic libs.
So for the kerberos binaries I provide you need a whopping bunch of libraries which So for the kerberos binaries I provide (openssl??-1.0.2pm-krb5*) you need a whopping bunch of
you maybe need to install (libgssapi_krb5, libkrb5, libcom_err, libk5crypto, libkrb5support, kerberos libraries which you maybe need to install (libgssapi_krb5, libkrb5, libcom_err,
libkeyutils). For the 'static' binaries kerberos is not compiled in, so that's is not needed. libk5crypto, libkrb5support, libkeyutils). For the 'static' binaries kerberos is not compiled in, so that's is not needed.
If you want to compile OpenSSL yourself, here are the instructions: If you want to compile OpenSSL yourself, here are the instructions:
0.) apply experimental-features.patch (otherwise you miss the experimental features) 0.) apply experimental-features.patch (otherwise you miss the experimental features)
1.) apply openssl-telnet-starttls.patch and openssl-telnet-starttls.patch 1.) apply openssl-telnet-starttls.patch and openssl-xmpp-starttls-fix.patch
(provided by Stefan Zehl, thx!). (provided by Stefan Zehl, thx!).
3.) configure the damned thing. Options I used: 3.) configure the damned thing. Options I used:
@ -39,23 +42,25 @@ If you want to compile OpenSSL yourself, here are the instructions:
* for 64Bit: * for 64Bit:
>./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT experimental-jpake >./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT experimental-jpake
* for 32 Bit: > * for 32 Bit:
./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT experimental-jpake > ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT experimental-jpake
Don't use -DTEMP_GOST_TLS, it breaks things! Don't use -DTEMP_GOST_TLS, it breaks things!
If you don't have Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT". If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT".
If you have e.g. Heimdal --> figure out by yourself. If you have other Kerberos flavors you need to figure out by yourself.
For real GOST cipher [1] support you need to built static libs as the crypto For real GOST cipher [1] support you need to built static libs as the crypto
engine is a shared lib (additional options: "shared -fPIC -DOPENSSL_PIC"). engine is a shared lib (additional options: "shared -fPIC -DOPENSSL_PIC"). I didn't
If you aiming at this you rather should compile everything with another prefix do that yet. If you aiming at this you rather should compile everything with another prefix
as you don't want your openssl binary to end up loading system libraries like libssl or as you don't want your openssl binary to end up loading system libraries like libssl or
libcrypto. Alternatively you can hack the Makefile and include those libcrypto. Alternatively you can hack the Makefile and include those
libs which you compiled statically as ".a". libs which you compiled statically as ".a".
4.) make depend 4.) make depend
5.) make 5.) make
6.) make report (check whether it runs ok) 6.) make report (check whether it runs ok)
7.) "openssl ciphers -V ALL:COMPLEMENTOFALL | wc -l" lists for me w/ kerberos and w/o GOST cipher engine 7.) "openssl ciphers -V ALL:COMPLEMENTOFALL | wc -l" lists for me w/ kerberos and w/o GOST cipher engine