Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
OpenSSL ciphers
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenSSL ciphers (Read 5548 times)
miac60
Newbie
Posts: 22
Karma: 2
OpenSSL ciphers
«
on:
February 17, 2016, 01:15:18 pm »
Hi.
OPNsense with OpenSSL have preinstalled GOST engine.
It can be enabled in openssl.cnf.
My question: how to extend list of "Encryption algorithms" in Web UI when configuring OpenVPN server?
Logged
miac60
Newbie
Posts: 22
Karma: 2
Re: OpenSSL ciphers
«
Reply #1 on:
February 17, 2016, 02:02:29 pm »
Also information about using GOST engine in OpenSSL
http://www.cryptocom.ru/products/openssl-1-config-en.html
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenSSL ciphers
«
Reply #2 on:
February 18, 2016, 07:15:09 am »
As far as I can see the options ZLIB and RFC3779 are not installed, but the SHARED library libgost.so is.
You'll probably have to edit /usr/local/etc/ssl/openssl.cnf according to the document. This file will not be overridden on firmware upgrades (openssl "owns" this file, but uses a sample file mechanism for safety).
If it works without ZLIB and RFC3779, that's good. If you're using custom builds and need the options you'll need to add the options to the build file:
https://github.com/opnsense/tools/blob/master/config/16.1/make.conf#L14
I am unsure about flipping these options on by default, I don't know what they do yet. This will require some research and discussion here.
«
Last Edit: February 18, 2016, 08:15:40 am by franco
»
Logged
miac60
Newbie
Posts: 22
Karma: 2
Re: OpenSSL ciphers
«
Reply #3 on:
February 18, 2016, 12:13:53 pm »
We make some kind of custom build, just replace openssl lib with another one.
And now "openssl ciphers" show GOST. And we want add this ciphers in WebUI.
Unfortunately GOST ciphers does not work without RFC3779 and Zlib.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
OpenSSL ciphers