[erlang-questions] openssl cipher disabled
Tuncer Ayaz
tuncer.ayaz@REDACTED
Wed Aug 6 10:03:21 CEST 2014
On Tue, Aug 5, 2014 at 10:05 PM, Jesse Schoch wrote:
> I'm trying to compile 17.1 on a system that has obsolete ciphers
> disabled, such as RC2. I get the following error
>
> In file included from crypto.c:51:
> /usr/include/openssl/rc2.h:64:2: error: #error RC2 is disabled.
>
> It appears the function rc2_cbc_encrypt/3 can't compile. Can these
> functions be disabled based on the available ciphers in a hardened
> system?
Given the various actively maintained OpenSSL forks, it seems like
lib/crypto should autoconf-check availability of a lot of stuff and
use a generated config.h. This might also require partially or
completely disabling lib/{ssl, public_key, ...} functionality. The
changes in the forks and custom-compiled OpenSSL installs mean:
1. we either require OpenSSL with a certain set of features
2. and/or conditionalize features where feasible
The biggest issue I see is with the required build/test matrix.
More information about the erlang-questions
mailing list