Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status (Read 8539 times)
chemlud
Hero Member
Posts: 2454
Karma: 112
[SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
on:
June 08, 2016, 11:53:57 am »
Hi!
On 16.1.16 i386 nano I changed from openSSL to libreSSL "flavour" in the general settings, did a reboot, but afterward in the Dasboard I still see the openSSL version, not libreSSL. How to verify which SSL I'm currently using?
Update:
OOpppps, sorry, I pressed the UPDATE button and saw that libreSSL was not already installed, so doing my homework now ;-)
«
Last Edit: June 08, 2016, 07:52:49 pm by chemlud
»
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: LibreSSL flavour chosen - but sahboard shows openSSL status
«
Reply #1 on:
June 08, 2016, 05:50:34 pm »
Yes, sorry, the new firmware GUI improvements will make this clearer with 16.7 onwards. The FreeBSD ports ecosystem requires to separate repositories to make OpenSSL and LibreSSL work.
Logged
chemlud
Hero Member
Posts: 2454
Karma: 112
Re: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
Reply #2 on:
June 08, 2016, 05:58:39 pm »
...with libreSSL (even after another reboot) my openVPN tunnel to a pfsense 2.3.1_1 server (pre-shared key) did not come back. Switched back to openSSL for the while, tunnel back to normal.
Coincidence or might it be related to libreSSL and openSSL not playing nice together?
«
Last Edit: June 08, 2016, 07:53:04 pm by chemlud
»
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
Reply #3 on:
June 10, 2016, 06:48:59 pm »
It sounds like the latter, which would be a bug. What ciphers/algos are used?
I do hope this is not a regression from LibreSSL 2.2 -> 2.3, but I'm thinking you didn't run 2.2.x previously, right? Since 16.1.16, we have the newer LibreSSL.
Logged
chemlud
Hero Member
Posts: 2454
Karma: 112
Re: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
Reply #4 on:
June 10, 2016, 06:56:00 pm »
Peer-to-peer, UDP, tun
AES-256-CBC
SHA512
More info needed? :-)
No, never tried LibreSSL before...
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
Reply #5 on:
June 10, 2016, 07:17:28 pm »
I don't know yet. Took a peek at the release notes for 2.3, but nothing serious.
Changing cipher/hash to see if that makes a difference would help narrow it down, but only if you have some time to play with it.
Is this a pfSense with AESNI support on the other side?
Logged
chemlud
Hero Member
Posts: 2454
Karma: 112
Re: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
Reply #6 on:
June 10, 2016, 07:55:38 pm »
nope, an Openvox IPC110 with i386 full from one of these notorious dealers ;-)
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: [SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status
«
Reply #7 on:
June 23, 2016, 11:20:41 am »
The only thing that I can come up with here is that the LibreSSL i386 build is misbehaving. They do have lots of tests, but from current experiences with OpenBSD i386 it can lag behind in care.
It's probably out of the question to run a LibreSSL test with amd64, but it would be needed to confirm before reporting it upstream.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] LibreSSL flavour chosen - but dashboard shows openSSL status