Re: Question about adding new cipher to openssl and then testing through apache httpd


 



I'm not sure you need to do anything in OpenSSL.

When I build Apache against LibreSSL, I have access to ciphers in LibreSSL that are (or were) not in OpenSSL.

As long as your new cipher doesn't trigger any blacklists in the mod_ssl source it should be picked up and available as long as a client supports it too.

On 01/07/2017 07:41 PM, William Bathurst wrote:
Hello,

I have created a custom version of OpenSSL v1.1 where I am testing a new
cipher algorithm. I now wish to integrate and test in Apache HTTP. Where
in the source code do I need to update in order to get Apache HTTP to
recognize the new cipher? I can list the new cipher using the "openssl
ciphers" command:

/usr/local/ssl/bin/openssl ciphers

ECDHE-ECDSA-CIPHERTEST256-SHA256:ECDHE-RSA-CIPHERTEST256-SHA256:ECDHE-ECDSA-CIPHERTEST128-SHA256:ECDHE-RSA-CIPHERTEST128-SHA256:CIPHERTEST256-SHA256:CIPHERTEST128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:..

I initially tried compiling 2.4 with the custom OpenSSL and then listing
the new ciphers in the SSLCipherSuite directive but they were not
recognized.

NOTES:
Server version: Apache/2.4.24-dev (Unix)
Server built:   Jan  8 2017 00:11:07

OpenSSL 1.1.1-TEST-dev  xx XXX xxxx

Thanks in advance!







