GOST in OPENSSL_BASE
Andrey Chernov
ache at freebsd.org
Sun Jul 10 15:37:02 UTC 2016
On 10.07.2016 18:28, Andrey Chernov wrote:
> On 10.07.2016 18:13, Andrey Chernov wrote:
>> On 10.07.2016 18:12, Andrey Chernov wrote:
>>> On 10.07.2016 18:01, Slawa Olhovchenkov wrote:
>>>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote:
>>>>
>>>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>>>>> I am surprised lack of support GOST in openssl-base.
>>>>>> Can be this enabled before 11.0 released?
>>>>>
>>>>> AFAIK openssl maintainers says something like they can't support this
>>>>> code and it will become rotten shortly with new changes, so they drop it.
>>>>>
>>>>
>>>> Upstream or FreeBSD maintainers?
>>>>
>>>
>>> Openssl maintainers.
>>>
>> I.e. upstream.
>>
> They mean built-in one, dropped from openssl 1.1.0 and above. It is
> still available as 3rd party at:
> https://github.com/gost-engine/engine
>
>From their Changelog:
*) The GOST engine was out of date and therefore it has been removed. An
up to date GOST engine is now being maintained in an external
repository. See: https://wiki.openssl.org/index.php/Binaries. Libssl
still retains support for GOST ciphersuites (these are only activated if
a GOST engine is present).
[Matt Caswell]
More information about the freebsd-security
mailing list