How to Enable Weak Ciphers OpenSSL 1.1.1h installation
Satyam Mehrotra
satyam226 at gmail.com
Mon Oct 26 17:10:11 UTC 2020
Dear Dmitry,
The below is the process i have followed
- Downloaded the openssl-1.1.1h from the official OpenSSL site
- ./config -ggdb -enable-weak-ssl-ciphers
- make
- make install
- Execute openSSL command ( Looks like any openSSL command the binary
is crashing )
openssl version
Segmentation fault (core dumped)
openssl ciphers -V
Segmentation fault (core dumped)
openssl
Segmentation fault (core dumped)
Thanks
Satyam
On Mon, 26 Oct 2020 at 21:59, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> Dear Satyam,
>
> Do I correctly understand that
> - you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
> - installed it
> -run some command? Which one(s)? Initially, you were speaking about
> 'ciphers', but the stack trace is from the 'ca'.
>
> On Mon, Oct 26, 2020 at 7:26 PM Satyam Mehrotra <satyam226 at gmail.com>
> wrote:
>
>> Segmentation fault is not seen if i don't compile* ./config with*
>> *-enable-weak-ssl-ciphers.*
>>
>> Is it something I am missing or some more options needs to be provided to
>> ./config ?
>>
>> Thanks
>> Satyam
>>
>> On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <beldmit at gmail.com> wrote:
>>
>>> It has nothing to do with the ciphers command...
>>>
>>> On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <satyam226 at gmail.com>
>>> wrote:
>>>
>>>> Dear Dmitry,
>>>>
>>>> >>Are the /usr/local/lib64/libssl.so.1.1 and
>>>> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
>>>> Yes, they are same
>>>>
>>>> gdb openssl core.50178
>>>>
>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7
>>>>
>>>> Copyright (C) 2013 Free Software Foundation, Inc.
>>>>
>>>> License GPLv3+: GNU GPL version 3 or later <
>>>> http://gnu.org/licenses/gpl.html>
>>>>
>>>> This is free software: you are free to change and redistribute it.
>>>>
>>>> There is NO WARRANTY, to the extent permitted by law. Type "show
>>>> copying"
>>>>
>>>> and "show warranty" for details.
>>>>
>>>> This GDB was configured as "x86_64-redhat-linux-gnu".
>>>>
>>>> For bug reporting instructions, please see:
>>>>
>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>>
>>>> Reading symbols from
>>>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.
>>>>
>>>> [New LWP 50178]
>>>>
>>>> [Thread debugging using libthread_db enabled]
>>>>
>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>>
>>>> Core was generated by `/usr/local/bin/openssl'.
>>>>
>>>> Program terminated with signal 11, Segmentation fault.
>>>>
>>>> #0 do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888,
>>>> x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0,
>>>> policy=0xfffa320300000000, serial=0x7ffddd58f693,
>>>>
>>>> subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503,
>>>> multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3
>>>> "HISTSIZE=1000",
>>>>
>>>> enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22",
>>>> days=140728317048610, batch=-581372099, verbose=-581372056,
>>>> req=0x7ffddd58f77b,
>>>>
>>>> ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/",
>>>> lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489,
>>>> default_op=-581370182,
>>>>
>>>> ext_copy=-581370137, selfsign=-581370120, db=<optimized out>,
>>>> db=<optimized out>) at apps/ca.c:1410
>>>>
>>>> 1410 row[i] = NULL;
>>>>
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Satyam
>>>>
>>>>
>>>> On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <beldmit at gmail.com>
>>>> wrote:
>>>>
>>>>> Are the /usr/local/lib64/libssl.so.1.1 and
>>>>> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
>>>>> If yes, you should try running via gdb to get a backtrace.
>>>>>
>>>>> On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <satyam226 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Dear Dmitry,
>>>>>>
>>>>>> As suggested i have build the openssl with -ggdb ( ./config -ggdb
>>>>>> -enable-weak-ssl-ciphers ) and after building i did make install as well.
>>>>>>
>>>>>> The strace output is as below
>>>>>> ==============================
>>>>>>
>>>>>> *strace ./openssl*
>>>>>>
>>>>>>
>>>>>> execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0
>>>>>>
>>>>>> brk(NULL) = 0x1b4f000
>>>>>>
>>>>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>>>>> 0) = 0x7f3046813000
>>>>>>
>>>>>> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
>>>>>> directory)
>>>>>>
>>>>>> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
>>>>>>
>>>>>> fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0
>>>>>>
>>>>>> mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000
>>>>>>
>>>>>> close(3) = 0
>>>>>>
>>>>>> open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3
>>>>>>
>>>>>> read(3,
>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832)
>>>>>> = 832
>>>>>>
>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0
>>>>>>
>>>>>> mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
>>>>>> 3, 0) = 0x7f3046354000
>>>>>>
>>>>>> mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0
>>>>>>
>>>>>> mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000
>>>>>>
>>>>>> close(3) = 0
>>>>>>
>>>>>> open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
>>>>>>
>>>>>> read(3,
>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) =
>>>>>> 832
>>>>>>
>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0
>>>>>>
>>>>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>>>>> 0) = 0x7f3046809000
>>>>>>
>>>>>> mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
>>>>>> 3, 0) = 0x7f3045e68000
>>>>>>
>>>>>> mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0
>>>>>>
>>>>>> mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000
>>>>>>
>>>>>> mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000
>>>>>>
>>>>>> close(3) = 0
>>>>>>
>>>>>> open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
>>>>>>
>>>>>> read(3,
>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) =
>>>>>> 832
>>>>>>
>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0
>>>>>>
>>>>>> mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
>>>>>> 3, 0) = 0x7f3045c64000
>>>>>>
>>>>>> mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0
>>>>>>
>>>>>> mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000
>>>>>>
>>>>>> close(3) = 0
>>>>>>
>>>>>> open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
>>>>>>
>>>>>> read(3,
>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832)
>>>>>> = 832
>>>>>>
>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0
>>>>>>
>>>>>> mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
>>>>>> 3, 0) = 0x7f3045a48000
>>>>>>
>>>>>> mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0
>>>>>>
>>>>>> mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000
>>>>>>
>>>>>> mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000
>>>>>>
>>>>>> close(3) = 0
>>>>>>
>>>>>> open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
>>>>>>
>>>>>> read(3,
>>>>>> "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) =
>>>>>> 832
>>>>>>
>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0
>>>>>>
>>>>>> mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
>>>>>> 3, 0) = 0x7f304567a000
>>>>>>
>>>>>> mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0
>>>>>>
>>>>>> mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000
>>>>>>
>>>>>> mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000
>>>>>>
>>>>>> close(3) = 0
>>>>>>
>>>>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>>>>> 0) = 0x7f3046808000
>>>>>>
>>>>>> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>>>>> 0) = 0x7f3046806000
>>>>>>
>>>>>> arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0
>>>>>>
>>>>>> mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0
>>>>>>
>>>>>> mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0
>>>>>>
>>>>>> mprotect(0x7f3045e66000, 4096, PROT_READ) = 0
>>>>>>
>>>>>> mprotect(0x7f3046322000, 176128, PROT_READ) = 0
>>>>>>
>>>>>> mprotect(0x7f30465e4000, 40960, PROT_READ) = 0
>>>>>>
>>>>>> mprotect(0x692000, 4096, PROT_READ) = 0
>>>>>>
>>>>>> mprotect(0x7f3046814000, 4096, PROT_READ) = 0
>>>>>>
>>>>>> munmap(0x7f304680a000, 35929) = 0
>>>>>>
>>>>>> set_tid_address(0x7f3046806a10) = 47865
>>>>>>
>>>>>> set_robust_list(0x7f3046806a20, 24) = 0
>>>>>>
>>>>>> rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[],
>>>>>> sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0
>>>>>>
>>>>>> rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[],
>>>>>> sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630},
>>>>>> NULL, 8) = 0
>>>>>>
>>>>>> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
>>>>>>
>>>>>> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024,
>>>>>> rlim_max=RLIM64_INFINITY}) = 0
>>>>>>
>>>>>> --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
>>>>>>
>>>>>> +++ killed by SIGSEGV (core dumped) +++
>>>>>>
>>>>>> Segmentation fault
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Thanks*
>>>>>>
>>>>>> *Satyam*
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <beldmit at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Dear Satyam,
>>>>>>>
>>>>>>> First of all, I'll suggest checking whether the libcrypto/libssl are
>>>>>>> those you've built. It can be done, e.g., via running strace.
>>>>>>>
>>>>>>> I also suggest building openssl with -ggdb (./config -ggdb should do
>>>>>>> the trick).
>>>>>>>
>>>>>>> On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <
>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Dmitry,
>>>>>>>>
>>>>>>>> >>If you have just built the openssl, try to set the
>>>>>>>> LD_LIBRARY_PATH environment variable pointing to freshly built
>>>>>>>> libcrypto/libssl
>>>>>>>>
>>>>>>>> I try setting the LD_LIBRARY_PATH but it is still crashing
>>>>>>>>
>>>>>>>> *which openssl*
>>>>>>>>
>>>>>>>> * /usr/local/bin/openssl*
>>>>>>>>
>>>>>>>>
>>>>>>>> *export LD_LIBRARY_PATH=/usr/local/lib64/*
>>>>>>>>
>>>>>>>>
>>>>>>>> ls -lhrt
>>>>>>>>
>>>>>>>> total 11M
>>>>>>>>
>>>>>>>> drwxr-xr-x. 2 root root 61 Oct 25 16:27 pkgconfig
>>>>>>>>
>>>>>>>> -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1
>>>>>>>>
>>>>>>>> -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1
>>>>>>>>
>>>>>>>> -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a
>>>>>>>>
>>>>>>>> -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a
>>>>>>>>
>>>>>>>> lrwxrwxrwx. 1 root root 16 Oct 26 12:58 libcrypto.so ->
>>>>>>>> libcrypto.so.1.1
>>>>>>>>
>>>>>>>> lrwxrwxrwx. 1 root root 13 Oct 26 12:58 libssl.so ->
>>>>>>>> libssl.so.1.1
>>>>>>>>
>>>>>>>> drwxr-xr-x. 2 root root 39 Oct 26 12:58 engines-1.1
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *openssl ciphers -V*
>>>>>>>>
>>>>>>>> * Segmentation fault*
>>>>>>>>
>>>>>>>>
>>>>>>>> *gdb ./openssl core.3370 *
>>>>>>>>
>>>>>>>>
>>>>>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7
>>>>>>>>
>>>>>>>> Copyright (C) 2013 Free Software Foundation, Inc.
>>>>>>>>
>>>>>>>> License GPLv3+: GNU GPL version 3 or later <
>>>>>>>> http://gnu.org/licenses/gpl.html>
>>>>>>>>
>>>>>>>> This is free software: you are free to change and redistribute it.
>>>>>>>>
>>>>>>>> There is NO WARRANTY, to the extent permitted by law. Type "show
>>>>>>>> copying"
>>>>>>>>
>>>>>>>> and "show warranty" for details.
>>>>>>>>
>>>>>>>> This GDB was configured as "x86_64-redhat-linux-gnu".
>>>>>>>>
>>>>>>>> For bug reporting instructions, please see:
>>>>>>>>
>>>>>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>>>>>>
>>>>>>>> Reading symbols from
>>>>>>>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols
>>>>>>>> found)...done.
>>>>>>>>
>>>>>>>> [New LWP 3370]
>>>>>>>>
>>>>>>>> [Thread debugging using libthread_db enabled]
>>>>>>>>
>>>>>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>>>>>>
>>>>>>>> Core was generated by `openssl ciphers -V'.
>>>>>>>>
>>>>>>>> Program terminated with signal 11, Segmentation fault.
>>>>>>>>
>>>>>>>> #0 0x000000000041c53d in do_body.isra.3 ()
>>>>>>>>
>>>>>>>> (gdb) bt
>>>>>>>>
>>>>>>>> #0 0x000000000041c53d in do_body.isra.3 ()
>>>>>>>>
>>>>>>>> (gdb)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Satyam
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <beldmit at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> If you have just built the openssl, try to set the LD_LIBRARY_PATH
>>>>>>>>> environment variable pointing to freshly built libcrypto/libssl
>>>>>>>>>
>>>>>>>>> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <
>>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> Any Suggestions on how this can be done ?
>>>>>>>>>> why openssl binary is crashing if i am compiling it with *-enable-weak-ssl-ciphers
>>>>>>>>>> ,* also what is the location of the crash file.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Satyam
>>>>>>>>>>
>>>>>>>>>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <
>>>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Everyone,
>>>>>>>>>>>
>>>>>>>>>>> I have just joined the openssl users community.
>>>>>>>>>>> My requirement is to have the SSLv3 and weak ciphers enable
>>>>>>>>>>> with openssl installation .
>>>>>>>>>>> I have a query regarding enabling SSLv3 protocol and weak
>>>>>>>>>>> ciphers with openssl-1.1.1h installation
>>>>>>>>>>>
>>>>>>>>>>> I have followed the below steps
>>>>>>>>>>>
>>>>>>>>>>> 1) *./config -enable-weak-ssl-ciphers*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *2) The Makefile looks as below*
>>>>>>>>>>>
>>>>>>>>>>> *===============================*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ##
>>>>>>>>>>>
>>>>>>>>>>> ## Makefile for OpenSSL
>>>>>>>>>>>
>>>>>>>>>>> ##
>>>>>>>>>>>
>>>>>>>>>>> ## WARNING: do not edit!
>>>>>>>>>>>
>>>>>>>>>>> ## Generated by Configure from Configurations/common0.tmpl,
>>>>>>>>>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> PLATFORM=linux-x86_64
>>>>>>>>>>>
>>>>>>>>>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++
>>>>>>>>>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
>>>>>>>>>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl
>>>>>>>>>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan
>>>>>>>>>>> no-unit-test no-zlib no-zlib-dynamic
>>>>>>>>>>>
>>>>>>>>>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")
>>>>>>>>>>>
>>>>>>>>>>> SRCDIR=.
>>>>>>>>>>>
>>>>>>>>>>> BLDDIR=.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> VERSION=1.1.1h
>>>>>>>>>>>
>>>>>>>>>>> MAJOR=1
>>>>>>>>>>>
>>>>>>>>>>> MINOR=1.1
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_VERSION_NUMBER=1.1
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_VERSION_HISTORY=
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_MAJOR=1
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_MINOR=1
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_TARGET=linux-shared
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_EXT_SIMPLE=.so
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_EXT_IMPORT=
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a
>>>>>>>>>>>
>>>>>>>>>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)
>>>>>>>>>>>
>>>>>>>>>>> SHLIB_INFO=";"
>>>>>>>>>>> "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)"
>>>>>>>>>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"
>>>>>>>>>>>
>>>>>>>>>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
>>>>>>>>>>> engines/ossltest.so engines/padlock.so
>>>>>>>>>>>
>>>>>>>>>>> @
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> if i do any openssl operations it gives error ( core dumped )
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *./openssl ciphers -V*
>>>>>>>>>>>
>>>>>>>>>>> * Segmentation fault (core dumped)*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Can someone help me in resolving this issue ?*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> If i don't use option* "**-enable-weak-ssl-ciphers " *then the
>>>>>>>>>>> above issue is not seen but SSLv3 and weak ciphers do not get enable.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>> Satyam
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> SY, Dmitry Belyavsky
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> SY, Dmitry Belyavsky
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> SY, Dmitry Belyavsky
>>>>>
>>>>
>>>
>>> --
>>> SY, Dmitry Belyavsky
>>>
>>
>
> --
> SY, Dmitry Belyavsky
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201026/6fd3fc88/attachment-0001.html>
More information about the openssl-users
mailing list