<div dir="ltr">Hi!<br><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_quote">2014-10-03 1:31 GMT+02:00 Steve Davis <span dir="ltr"><<a href="mailto:steven.charles.davis@gmail.com" target="_blank">steven.charles.davis@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi Ingela,<div><br></div><div>Thanks for your responses. I was aware of the claimed legal issue, so I had already built openssl on that server from a pristine tarball (rather than the supplied rpms). I was frustrated and I could not understand why these ciphers still weren't appearing. </div><div><br></div><div>crypto:info_lib() supplied the answer... the erlang distro was still pointing at the FIPS compliant openssl libraries rather than the new openssl install... agh!</div><div><br></div></div></blockquote><div><br></div><div>Ah, well, that is what that function is for. Thank you for sharing the solution. From the information I got from your first mail the only conclusion I could draw was that it seemed to<br></div><div>be an OpenSSL issue on Redhat and not an Erlang issue, so I Googled that ... 
and the rest is history ;)<br></div><div><br><br></div><div>Regards Ingela Erlang/OTP team - Ericsson AB <br></div><div><br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div></div><div>If others face this issue:</div><div>1) before building openssl, export CFLAGS="-fPIC", at configure, invoke with the keyword "shared" then make and install as usual</div><div>2) once openssl is built and ec + ecparams commands are available, configure erlang with the explicit flag --with-ssl=/usr/local/ssl</div><div><br></div><div>regs,</div><div>/s</div><div><div class="h5"><div><br></div><div><br></div><div><div><div>On Oct 2, 2014, at 2:33 AM, Ingela Andin <<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr">Hi!<br><div><br><div><div class="gmail_extra"><div class="gmail_quote">2014-10-01 23:36 GMT+02:00 Steve Davis <span dir="ltr"><<a href="mailto:steven.charles.davis@gmail.com" target="_blank">steven.charles.davis@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>...which doesn't address the issue?</div><div><div><br></div></div></div></blockquote><div><br>I think it does! It talks about problems that ECC, especially ECDH
support, was not available in some Red Hat distributions, it talks about
patent problems, and also<br>about that the issue was resolved, and that software using OpenSSL needed to be recompiled after taking the update. I do not know exactly what will solve your problem but<br></div><div>upgrading your Red Hat distribution seems to be a good place to start!<br><br></div><div>Regards Ingela Erlang/OTP team - Ericsson AB<br></div><div><br> <br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div><div></div><div><div>On Oct 1, 2014, at 4:18 PM, Ingela Andin <<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div>Hi!</div><div><br></div><div>Google suggests the following link:</div><div><br></div><a href="https://bugzilla.redhat.com/show_bug.cgi?id=319901" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=319901</a><br><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Regards Ingela Erlang/OTP Team - Ericsson AB </div><div class="gmail_extra"><br><div class="gmail_quote">2014-10-01 21:58 GMT+02:00 Steve Davis <span dir="ltr"><<a href="mailto:steven.charles.davis@gmail.com" target="_blank">steven.charles.davis@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><div style="margin:0in 0in 0.0001pt;font-size:11pt"><span style="font-size:11pt">I'm running an app that uses ECC public keys and have discovered a problem that only appears to emerge on RedHat ...</span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt"><br></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">...specifically I'm getting not_sup for crypto:generate_key for ecdh.</div><div style="margin:0in 0in 
0.0001pt;font-size:11pt"><br></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">I have built openssl 1.0.1h from source on the RH server, and 17.3 on top of that, but still I am missing ec_gf2m, ecdsa and ecdh support (see 'public_keys' section in the below repl, and the comparative from deploys on OS X and Windows).</div><div style="margin:0in 0in 0.0001pt;font-size:11pt"><br></div><div style="margin:0in 0in 0.0001pt;font-size:11pt"><span style="font-size:11pt">On RedHat Linux</span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt">1> crypto:supports().<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">[{hashs,[md4,md5,sha,ripemd160,sha224,sha256,sha384,sha512]},<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">{ciphers,[des_cbc,des_cfb,des3_cbc,des_ede3,blowfish_cbc,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt"> blowfish_cfb64,blowfish_ofb64,blowfish_ecb,aes_cbc128,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt"> aes_cfb8,aes_cfb128,aes_cbc256,rc2_cbc,aes_ctr,rc4,des3_cbf,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt"> aes_ige256]},<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">{public_keys,[rsa,dss,dh,srp]}]<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">2> crypto:ec_curves().<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">[secp112r1,secp112r2,secp128r1,secp128r2,secp160k1,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">secp160r1,secp160r2,secp192r1,secp192k1,secp224k1,secp224r1,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,<u></u><u></u></div><div style="margin:0in 0in 
0.0001pt;font-size:11pt">prime256v1,wtls6,wtls7,wtls8,wtls9,wtls12,brainpoolP160r1,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">brainpoolP160t1|...]</div><div><br></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt">On OSX + Windows</div><div style="margin:0px;font-size:11px;font-family:'Courier New'">1> crypto:supports().</div><div style="margin:0px;font-size:11px;font-family:'Courier New'">[{hashs,[md4,md5,sha,ripemd160,sha224,sha256,sha384,sha512]},</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> {ciphers,[des_cbc,des_cfb,des3_cbc,des_ede3,blowfish_cbc,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> blowfish_cfb64,blowfish_ofb64,blowfish_ecb,aes_cbc128,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> aes_cfb8,aes_cfb128,aes_cbc256,rc2_cbc,aes_ctr,rc4,des3_cbf,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> aes_ige256]},</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> {public_keys,[rsa,dss,dh,srp,ec_gf2m,ecdsa,ecdh]}]</div><div style="margin:0px;font-size:11px;font-family:'Courier New'">2> crypto:ec_curves().</div><div style="margin:0px;font-size:11px;font-family:'Courier New'">[secp112r1,secp112r2,secp128r1,secp128r2,secp160k1,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> secp160r1,secp160r2,secp192r1,secp192k1,secp224k1,secp224r1,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> prime256v1,wtls6,wtls7,wtls8,wtls9,wtls12,brainpoolP160r1,</div><div style="margin:0px;font-size:11px;font-family:'Courier New'"> brainpoolP160t1|...]</div><div><br></div></div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><div style="font-size:11pt;margin:0in 0in 0.0001pt">I'm hoping somebody else has faced this frustration before and found a solution...?</div><div style="font-size:11pt;margin:0in 0in 0.0001pt"><br></div><div style="font-size:11pt;margin:0in 0in 0.0001pt">regs,</div><div style="font-size:11pt;margin:0in 0in 0.0001pt">/s</div><div style="font-size:11pt;margin:0in 0in 0.0001pt"><br></div><div style="font-size:11pt;margin:0in 0in 0.0001pt"></div></div></div><br>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div></div>
</blockquote></div><br></div></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div></div></div></div></blockquote></div><br></div></div>
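<div>The check this thread arrives at, as an added example that is not part of the original mails: an Erlang module that reports which OpenSSL the crypto application is linked against (crypto:info_lib/0) and which EC public-key algorithms are missing from crypto:supports/0. The module name ec_check, its function names and the choice of secp256r1 as the test curve are assumptions made for this example; the sample lists in selftest/0 are the public_keys entries posted in the thread.</div>

```erlang
%% Added example, not code from the thread or from Erlang/OTP.
%% Module and function names are hypothetical.
-module(ec_check).
-export([missing_ec/1, report/0, selftest/0]).

%% Public-key algorithms the thread found missing on the Red Hat build.
-define(EC_ALGS, [ec_gf2m, ecdsa, ecdh]).

%% Given the proplist returned by crypto:supports/0, return the EC
%% algorithms that are absent from its public_keys entry.
missing_ec(Supports) ->
    PublicKeys = proplists:get_value(public_keys, Supports, []),
    [Alg || Alg <- ?EC_ALGS, not lists:member(Alg, PublicKeys)].

%% Inspect the running VM: print the linked crypto library, then
%% return ok or a reason describing why EC is not usable.
report() ->
    lists:foreach(
      fun({Name, _VerNum, VerStr}) ->
              io:format("linked library: ~s (~s)~n", [Name, VerStr])
      end, crypto:info_lib()),
    case missing_ec(crypto:supports()) of
        [] ->
            %% Also exercise the call that failed in the thread.
            %% secp256r1 is an assumed sample curve.
            try crypto:generate_key(ecdh, secp256r1) of
                {_Pub, _Priv} -> ok
            catch
                error:Reason -> {error, {generate_key, Reason}}
            end;
        Missing ->
            {error, {missing, Missing}}
    end.

%% Runs missing_ec/1 over the two public_keys lists shown in the thread.
selftest() ->
    RedHat = [{public_keys, [rsa, dss, dh, srp]}],
    Other  = [{public_keys, [rsa, dss, dh, srp, ec_gf2m, ecdsa, ecdh]}],
    [ec_gf2m, ecdsa, ecdh] = missing_ec(RedHat),
    [] = missing_ec(Other),
    ok.
```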