Re: Wanted details on ./config or Configure options

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Rich,

I am using OpenSSL 1.0.2h. And I am trying to strip off unused hardware support. I tried using the options mentioned for 1.0.1e which I have explained in the previous mail.
They dont seems to work for 1.0.2h. Hence I wanted to know what would be the best way to remove the unsupported hardware 
like aep, chill, cswift etc from compilation.

Regards
Jayalakshmi



On Thu, Nov 2, 2017 at 4:38 PM, Jayalakshmi bhat <bhat.jayalakshmi@xxxxxxxxx> wrote:
Hi Matt,

Thanks for the reply. We dont want to turn off the engine fully. We have TPM chip, that is part of OpenSSL. I just want to turn off default available hardware using

no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec no-hw-zencod.

However as of now using the above values with ./Configure is not turning off the compilation of the other hardware components.

Regards
Jaya

On Thu, Nov 2, 2017 at 3:56 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 02/11/17 07:07, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks a lot for the response. Sorry for the delayed reply. I was out of
> office for a while. This helped me.  However I am not seeing option to
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x
> method
> (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec no-hw-zencod)
> does not seems to work. Is there any way to do it?

Hmmm - that looks like a possible bug to me. I think that should work
(Richard Levitte may be able to comment).

You can also use no-engine which switches off engine support altogether

Matt

>
>
> Regards
> Jayalakshmi
>
> On Thu, Oct 26, 2017 at 4:09 PM, Matt Caswell <matt@xxxxxxxxxxx
> <mailto:matt@xxxxxxxxxxx>> wrote:
>
>
>
>     On 25/10/17 18:02, Jayalakshmi bhat wrote:
>     > Hi Matt,
>     >
>     > Thanks a lot. This helps me. I had seen different options for OpenSSL
>     > 1.0.1e versions. Hence had some confusions.
>     > Does this means, options specified here only can be used for OpenSSL
>     > 1.0.2x releases.
>
>     The INSTALL file is specific to a release. Many options are applicable
>     to both 1.0.1 and 1.0.2 but there may be some differences. We did quite
>     a bit of work on the INSTALL file in the latest 1.1.0 release to make
>     sure all options were documented properly. That happened after the 1.0.2
>     release so it could be the case that there are some options that are
>     undocumented in 1.0.2.
>
>     Matt
>
>     >
>     > Regards
>     > Jayalakshmi
>     >
>     > On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell <matt@xxxxxxxxxxx <mailto:matt@xxxxxxxxxxx>
>     > <mailto:matt@xxxxxxxxxxx <mailto:matt@xxxxxxxxxxx>>> wrote:
>     >
>     >
>     >
>     >     On 24/10/17 07:06, Jayalakshmi bhat wrote:
>     >     > Hi All,
>     >     >
>     >     > I am looking for details on options used to disable or remove unwanted
>     >     > ciphers, components while openssl building. This is for OpenSSL 1.0.2h.
>     >     > I am seeing many things on internet. But most of them have minimum
>     >     > explanation, please can you tell me is there any link that I can refer.
>     >
>     >     Have you looked in INSTALL?
>     >
>     >     https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL
>     <https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL>
>     >     <https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL
>     <https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL>>
>     >
>     >     Matt
>     >
>     >     --
>     >     openssl-users mailing list
>     >     To unsubscribe:
>     >     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux