Author Topic: OpenSSL ciphers (Read 5544 times)

miac60 · « **on:** February 17, 2016, 01:15:18 pm »

Hi.
OPNsense with OpenSSL have preinstalled GOST engine.
It can be enabled in openssl.cnf.
My question: how to extend list of "Encryption algorithms" in Web UI when configuring OpenVPN server?

miac60 · « **Reply #1 on:** February 17, 2016, 02:02:29 pm »

Also information about using GOST engine in OpenSSL
http://www.cryptocom.ru/products/openssl-1-config-en.html

franco · « **Reply #2 on:** February 18, 2016, 07:15:09 am »

As far as I can see the options ZLIB and RFC3779 are not installed, but the SHARED library libgost.so is.

You'll probably have to edit /usr/local/etc/ssl/openssl.cnf according to the document. This file will not be overridden on firmware upgrades (openssl "owns" this file, but uses a sample file mechanism for safety).

If it works without ZLIB and RFC3779, that's good. If you're using custom builds and need the options you'll need to add the options to the build file:

https://github.com/opnsense/tools/blob/master/config/16.1/make.conf#L14

I am unsure about flipping these options on by default, I don't know what they do yet. This will require some research and discussion here.

miac60 · « **Reply #3 on:** February 18, 2016, 12:13:53 pm »

We make some kind of custom build, just replace openssl lib with another one.
And now "openssl ciphers" show GOST. And we want add this ciphers in WebUI.
Unfortunately GOST ciphers does not work without RFC3779 and Zlib.

Author Topic: OpenSSL ciphers (Read 5544 times)

miac60

OpenSSL ciphers

miac60

Re: OpenSSL ciphers

franco

Re: OpenSSL ciphers

miac60

Re: OpenSSL ciphers