[erlang-questions] openssl cipher disabled

Tuncer Ayaz <>
Wed Aug 6 10:03:21 CEST 2014


On Tue, Aug 5, 2014 at 10:05 PM, Jesse Schoch wrote:
> I'm trying to compile 17.1 on a system that has obsolete ciphers
> disabled, such as RC2. I get the following error
>
> In file included from crypto.c:51:
> /usr/include/openssl/rc2.h:64:2: error: #error RC2 is disabled.
>
> It appears the function rc2_cbc_encrypt/3 can't compile. Can these
> functions be disabled based on the available ciphers in a hardened
> system?

Given the various actively maintained OpenSSL forks, it seems like
lib/crypto should autoconf-check availability of a lot of stuff and
use a generated config.h. This might also require partially or
completely disabling lib/{ssl, public_key, ...} functionality. The
changes in the forks and custom-compiled OpenSSL installs mean:

1. we either require OpenSSL with a certain set of features
2. and/or conditionalize features where feasible

The biggest issue I see is with the required build/test matrix.



More information about the erlang-questions mailing list