Hi Rich,
I am using OpenSSL 1.0.2h. And I am trying to strip off unused hardware support. I tried using the options mentioned for 1.0.1e which I have explained in the previous mail.
They dont seems to work for 1.0.2h. Hence I wanted to know what would be the best way to remove the unsupported hardware
like aep, chill, cswift etc from compilation.
Regards
Jayalakshmi
On Thu, Nov 2, 2017 at 4:38 PM, Jayalakshmi bhat <bhat.jayalakshmi@xxxxxxxxx> wrote:
Hi Matt,Thanks for the reply. We dont want to turn off the engine fully. We have TPM chip, that is part of OpenSSL. I just want to turn off default available hardware usingno-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no- hw-ncipher no-hw-nuron no-hw- padlock no-hw-sureware no-hw- ubsecno-hw-zencod. However as of now using the above values with ./Configure is not turning off the compilation of the other hardware components.RegardsJayaOn Thu, Nov 2, 2017 at 3:56 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
On 02/11/17 07:07, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks a lot for the response. Sorry for the delayed reply. I was out of
> office for a while. This helped me. However I am not seeing option to
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x
> method
> (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no- Hmmm - that looks like a possible bug to me. I think that should workhw-cswift no-hw-ibmca no-hw- ncipher no-hw-nuron no-hw-padl ock no-hw-sureware no-hw-ubsec no-hw-zencod)
> does not seems to work. Is there any way to do it?
(Richard Levitte may be able to comment).
You can also use no-engine which switches off engine support altogether
Matt
>
>
> Regards
> Jayalakshmi
>
> On Thu, Oct 26, 2017 at 4:09 PM, Matt Caswell <matt@xxxxxxxxxxx
> <mailto:matt@xxxxxxxxxxx>> wrote:
>
>
>
> On 25/10/17 18:02, Jayalakshmi bhat wrote:
> > Hi Matt,
> >
> > Thanks a lot. This helps me. I had seen different options for OpenSSL
> > 1.0.1e versions. Hence had some confusions.
> > Does this means, options specified here only can be used for OpenSSL
> > 1.0.2x releases.
>
> The INSTALL file is specific to a release. Many options are applicable
> to both 1.0.1 and 1.0.2 but there may be some differences. We did quite
> a bit of work on the INSTALL file in the latest 1.1.0 release to make
> sure all options were documented properly. That happened after the 1.0.2
> release so it could be the case that there are some options that are
> undocumented in 1.0.2.
>
> Matt
>
> >
> > Regards
> > Jayalakshmi
> >
> > On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell <matt@xxxxxxxxxxx <mailto:matt@xxxxxxxxxxx>
> > <mailto:matt@xxxxxxxxxxx <mailto:matt@xxxxxxxxxxx>>> wrote:
> >
> >
> >
> > On 24/10/17 07:06, Jayalakshmi bhat wrote:
> > > Hi All,
> > >
> > > I am looking for details on options used to disable or remove unwanted
> > > ciphers, components while openssl building. This is for OpenSSL 1.0.2h.
> > > I am seeing many things on internet. But most of them have minimum
> > > explanation, please can you tell me is there any link that I can refer.
> >
> > Have you looked in INSTALL?
> >
> > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stabl e/INSTALL
> <https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stab >le/INSTALL
> > <https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stab le/INSTALL
> <https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stab >>le/INSTALL
> >
> > Matt
> >
> > --
> > openssl-users mailing list
> > To unsubscribe:
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users >
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users >>
> >
> >
> >
> >
> --
> openssl-users mailing list
> To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users >
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
