How to Enable Weak Ciphers OpenSSL 1.1.1h installation
Dmitry Belyavsky
beldmit at gmail.com
Mon Oct 26 19:37:19 UTC 2020
Wow!
I was inattentive :(
The leading minus before enable-weak-ssl-ciphers was the problem. Many
thanks Satyam!
On Mon, Oct 26, 2020 at 8:41 PM Satyam Mehrotra <satyam226 at gmail.com> wrote:
> I think I have resolved it. If you use the following option and then do a
> make, the openssl binary doesn't crash
>
> ./config -ggdb enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method
> no-shared
>
>
> What is the significance of no-shared? Why do we have to use this option?
>
>
> Thanks
>
> Satyam
>
> On Mon, 26 Oct 2020 at 22:59, Dmitry Belyavsky <beldmit at gmail.com> wrote:
>
>> Many thanks!
>>
>> I could reproduce the bug.
>>
>> On Mon, Oct 26, 2020 at 8:10 PM Satyam Mehrotra <satyam226 at gmail.com>
>> wrote:
>>
>>> No Worries Dmitry !!
>>> I have sent the sequence in the main mail thread.
>>>
>>> Thanks
>>> Satyam
>>>
>>> On Mon, 26 Oct 2020 at 22:10, Dmitry Belyavsky <beldmit at gmail.com>
>>> wrote:
>>>
>>>> Dear Satyam,
>>>>
>>>> Sorry, but no. If you send the way to reproduce the bug, I'll take a
>>>> look at it.
>>>>
>>>> On Mon, Oct 26, 2020 at 7:38 PM Satyam Mehrotra <satyam226 at gmail.com>
>>>> wrote:
>>>>
>>>>> Dear Dmitry,
>>>>>
>>>>> Is it possible to have a meeting on GoToMeeting?
>>>>> I can send the invite and then I can share my screen.
>>>>> Probably, that will be faster and quick to resolve.
>>>>>
>>>>> Thanks
>>>>> Satyam
>>>>>
>>>>> On Mon, 26 Oct 2020 at 21:59, Dmitry Belyavsky <beldmit at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Dear Satyam,
>>>>>>
>>>>>> Do I correctly understand that
>>>>>> - you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
>>>>>> - installed it
>>>>>> - run some command? Which one(s)? Initially, you were speaking about
>>>>>> 'ciphers', but the stack trace is from the 'ca'.
>>>>>>
>>>>>> On Mon, Oct 26, 2020 at 7:26 PM Satyam Mehrotra <satyam226 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Segmentation fault is not seen if I don't compile ./config with
>>>>>>> -enable-weak-ssl-ciphers.
>>>>>>>
>>>>>>> Is it something I am missing or some more options need to be
>>>>>>> provided to ./config?
>>>>>>>
>>>>>>> Thanks
>>>>>>> Satyam
>>>>>>>
>>>>>>> On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <beldmit at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> It has nothing to do with the ciphers command...
>>>>>>>>
>>>>>>>> On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <
>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Dear Dmitry,
>>>>>>>>>
>>>>>>>>> >>Are the /usr/local/lib64/libssl.so.1.1 and
>>>>>>>>> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
>>>>>>>>> Yes, they are same
>>>>>>>>>
>>>>>>>>> gdb openssl core.50178
>>>>>>>>>
>>>>>>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7
>>>>>>>>>
>>>>>>>>> Copyright (C) 2013 Free Software Foundation, Inc.
>>>>>>>>>
>>>>>>>>> License GPLv3+: GNU GPL version 3 or later <
>>>>>>>>> http://gnu.org/licenses/gpl.html>
>>>>>>>>>
>>>>>>>>> This is free software: you are free to change and redistribute it.
>>>>>>>>>
>>>>>>>>> There is NO WARRANTY, to the extent permitted by law. Type "show
>>>>>>>>> copying"
>>>>>>>>>
>>>>>>>>> and "show warranty" for details.
>>>>>>>>>
>>>>>>>>> This GDB was configured as "x86_64-redhat-linux-gnu".
>>>>>>>>>
>>>>>>>>> For bug reporting instructions, please see:
>>>>>>>>>
>>>>>>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>>>>>>>
>>>>>>>>> Reading symbols from
>>>>>>>>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.
>>>>>>>>>
>>>>>>>>> [New LWP 50178]
>>>>>>>>>
>>>>>>>>> [Thread debugging using libthread_db enabled]
>>>>>>>>>
>>>>>>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>>>>>>>
>>>>>>>>> Core was generated by `/usr/local/bin/openssl'.
>>>>>>>>>
>>>>>>>>> Program terminated with signal 11, Segmentation fault.
>>>>>>>>>
>>>>>>>>> #0 do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888,
>>>>>>>>> x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0,
>>>>>>>>> policy=0xfffa320300000000, serial=0x7ffddd58f693,
>>>>>>>>>
>>>>>>>>> subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7",
>>>>>>>>> chtype=140728317048503, multirdn=-581372209, email_dn=-581372189,
>>>>>>>>> startdate=0x7ffddd58f6f3 "HISTSIZE=1000",
>>>>>>>>>
>>>>>>>>> enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22",
>>>>>>>>> days=140728317048610, batch=-581372099, verbose=-581372056,
>>>>>>>>> req=0x7ffddd58f77b,
>>>>>>>>>
>>>>>>>>> ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/",
>>>>>>>>> lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489,
>>>>>>>>> default_op=-581370182,
>>>>>>>>>
>>>>>>>>> ext_copy=-581370137, selfsign=-581370120, db=<optimized out>,
>>>>>>>>> db=<optimized out>) at apps/ca.c:1410
>>>>>>>>>
>>>>>>>>> 1410 row[i] = NULL;
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Satyam
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <beldmit at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Are the /usr/local/lib64/libssl.so.1.1 and
>>>>>>>>>> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
>>>>>>>>>> If yes, you should try running via gdb to get a backtrace.
>>>>>>>>>>
>>>>>>>>>> On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <
>>>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Dear Dmitry,
>>>>>>>>>>>
>>>>>>>>>>> As suggested I have built the openssl with -ggdb ( ./config
>>>>>>>>>>> -ggdb -enable-weak-ssl-ciphers ) and after building I did make install as
>>>>>>>>>>> well.
>>>>>>>>>>>
>>>>>>>>>>> The strace output is as below
>>>>>>>>>>> ==============================
>>>>>>>>>>>
>>>>>>>>>>> *strace ./openssl*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */)
>>>>>>>>>>> = 0
>>>>>>>>>>>
>>>>>>>>>>> brk(NULL) = 0x1b4f000
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000
>>>>>>>>>>>
>>>>>>>>>>> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such
>>>>>>>>>>> file or directory)
>>>>>>>>>>>
>>>>>>>>>>> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
>>>>>>>>>>>
>>>>>>>>>>> fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000
>>>>>>>>>>>
>>>>>>>>>>> close(3) = 0
>>>>>>>>>>>
>>>>>>>>>>> open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3
>>>>>>>>>>>
>>>>>>>>>>> read(3,
>>>>>>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832)
>>>>>>>>>>> = 832
>>>>>>>>>>>
>>>>>>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 2748352, PROT_READ|PROT_EXEC,
>>>>>>>>>>> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000
>>>>>>>>>>>
>>>>>>>>>>> close(3) = 0
>>>>>>>>>>>
>>>>>>>>>>> open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
>>>>>>>>>>>
>>>>>>>>>>> read(3,
>>>>>>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) =
>>>>>>>>>>> 832
>>>>>>>>>>>
>>>>>>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 5158840, PROT_READ|PROT_EXEC,
>>>>>>>>>>> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000
>>>>>>>>>>>
>>>>>>>>>>> close(3) = 0
>>>>>>>>>>>
>>>>>>>>>>> open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
>>>>>>>>>>>
>>>>>>>>>>> read(3,
>>>>>>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) =
>>>>>>>>>>> 832
>>>>>>>>>>>
>>>>>>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 2109744, PROT_READ|PROT_EXEC,
>>>>>>>>>>> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000
>>>>>>>>>>>
>>>>>>>>>>> close(3) = 0
>>>>>>>>>>>
>>>>>>>>>>> open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
>>>>>>>>>>>
>>>>>>>>>>> read(3,
>>>>>>>>>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832)
>>>>>>>>>>> = 832
>>>>>>>>>>>
>>>>>>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 2208904, PROT_READ|PROT_EXEC,
>>>>>>>>>>> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000
>>>>>>>>>>>
>>>>>>>>>>> close(3) = 0
>>>>>>>>>>>
>>>>>>>>>>> open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
>>>>>>>>>>>
>>>>>>>>>>> read(3,
>>>>>>>>>>> "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) =
>>>>>>>>>>> 832
>>>>>>>>>>>
>>>>>>>>>>> fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 3985920, PROT_READ|PROT_EXEC,
>>>>>>>>>>> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000
>>>>>>>>>>>
>>>>>>>>>>> mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000
>>>>>>>>>>>
>>>>>>>>>>> close(3) = 0
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000
>>>>>>>>>>>
>>>>>>>>>>> mmap(NULL, 8192, PROT_READ|PROT_WRITE,
>>>>>>>>>>> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000
>>>>>>>>>>>
>>>>>>>>>>> arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3045e66000, 4096, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3046322000, 176128, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f30465e4000, 40960, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x692000, 4096, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> mprotect(0x7f3046814000, 4096, PROT_READ) = 0
>>>>>>>>>>>
>>>>>>>>>>> munmap(0x7f304680a000, 35929) = 0
>>>>>>>>>>>
>>>>>>>>>>> set_tid_address(0x7f3046806a10) = 47865
>>>>>>>>>>>
>>>>>>>>>>> set_robust_list(0x7f3046806a20, 24) = 0
>>>>>>>>>>>
>>>>>>>>>>> rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[],
>>>>>>>>>>> sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0
>>>>>>>>>>>
>>>>>>>>>>> rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[],
>>>>>>>>>>> sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630},
>>>>>>>>>>> NULL, 8) = 0
>>>>>>>>>>>
>>>>>>>>>>> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
>>>>>>>>>>>
>>>>>>>>>>> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024,
>>>>>>>>>>> rlim_max=RLIM64_INFINITY}) = 0
>>>>>>>>>>>
>>>>>>>>>>> --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL}
>>>>>>>>>>> ---
>>>>>>>>>>>
>>>>>>>>>>> +++ killed by SIGSEGV (core dumped) +++
>>>>>>>>>>>
>>>>>>>>>>> Segmentation fault
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Thanks*
>>>>>>>>>>>
>>>>>>>>>>> *Satyam*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <
>>>>>>>>>>> beldmit at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Dear Satyam,
>>>>>>>>>>>>
>>>>>>>>>>>> First of all, I'll suggest checking whether the
>>>>>>>>>>>> libcrypto/libssl are those you've built. It can be done, e.g., via running
>>>>>>>>>>>> strace.
>>>>>>>>>>>>
>>>>>>>>>>>> I also suggest building openssl with -ggdb (./config -ggdb
>>>>>>>>>>>> should do the trick).
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <
>>>>>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Dmitry,
>>>>>>>>>>>>>
>>>>>>>>>>>>> >>If you have just built the openssl, try to set the
>>>>>>>>>>>>> LD_LIBRARY_PATH environment variable pointing to freshly built
>>>>>>>>>>>>> libcrypto/libssl
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried setting the LD_LIBRARY_PATH but it is still crashing
>>>>>>>>>>>>>
>>>>>>>>>>>>> *which openssl*
>>>>>>>>>>>>>
>>>>>>>>>>>>> * /usr/local/bin/openssl*
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *export LD_LIBRARY_PATH=/usr/local/lib64/*
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> ls -lhrt
>>>>>>>>>>>>>
>>>>>>>>>>>>> total 11M
>>>>>>>>>>>>>
>>>>>>>>>>>>> drwxr-xr-x. 2 root root 61 Oct 25 16:27 pkgconfig
>>>>>>>>>>>>>
>>>>>>>>>>>>> -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58
>>>>>>>>>>>>> libcrypto.so.1.1
>>>>>>>>>>>>>
>>>>>>>>>>>>> -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1
>>>>>>>>>>>>>
>>>>>>>>>>>>> -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a
>>>>>>>>>>>>>
>>>>>>>>>>>>> -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a
>>>>>>>>>>>>>
>>>>>>>>>>>>> lrwxrwxrwx. 1 root root 16 Oct 26 12:58 libcrypto.so
>>>>>>>>>>>>> -> libcrypto.so.1.1
>>>>>>>>>>>>>
>>>>>>>>>>>>> lrwxrwxrwx. 1 root root 13 Oct 26 12:58 libssl.so ->
>>>>>>>>>>>>> libssl.so.1.1
>>>>>>>>>>>>>
>>>>>>>>>>>>> drwxr-xr-x. 2 root root 39 Oct 26 12:58 engines-1.1
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *openssl ciphers -V*
>>>>>>>>>>>>>
>>>>>>>>>>>>> * Segmentation fault*
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *gdb ./openssl core.3370 *
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7
>>>>>>>>>>>>>
>>>>>>>>>>>>> Copyright (C) 2013 Free Software Foundation, Inc.
>>>>>>>>>>>>>
>>>>>>>>>>>>> License GPLv3+: GNU GPL version 3 or later <
>>>>>>>>>>>>> http://gnu.org/licenses/gpl.html>
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is free software: you are free to change and redistribute
>>>>>>>>>>>>> it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> There is NO WARRANTY, to the extent permitted by law. Type
>>>>>>>>>>>>> "show copying"
>>>>>>>>>>>>>
>>>>>>>>>>>>> and "show warranty" for details.
>>>>>>>>>>>>>
>>>>>>>>>>>>> This GDB was configured as "x86_64-redhat-linux-gnu".
>>>>>>>>>>>>>
>>>>>>>>>>>>> For bug reporting instructions, please see:
>>>>>>>>>>>>>
>>>>>>>>>>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>>>>>>>>>>>
>>>>>>>>>>>>> Reading symbols from
>>>>>>>>>>>>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols
>>>>>>>>>>>>> found)...done.
>>>>>>>>>>>>>
>>>>>>>>>>>>> [New LWP 3370]
>>>>>>>>>>>>>
>>>>>>>>>>>>> [Thread debugging using libthread_db enabled]
>>>>>>>>>>>>>
>>>>>>>>>>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>>>>>>>>>>>
>>>>>>>>>>>>> Core was generated by `openssl ciphers -V'.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Program terminated with signal 11, Segmentation fault.
>>>>>>>>>>>>>
>>>>>>>>>>>>> #0 0x000000000041c53d in do_body.isra.3 ()
>>>>>>>>>>>>>
>>>>>>>>>>>>> (gdb) bt
>>>>>>>>>>>>>
>>>>>>>>>>>>> #0 0x000000000041c53d in do_body.isra.3 ()
>>>>>>>>>>>>>
>>>>>>>>>>>>> (gdb)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>
>>>>>>>>>>>>> Satyam
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <
>>>>>>>>>>>>> beldmit at gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> If you have just built the openssl, try to set the
>>>>>>>>>>>>>> LD_LIBRARY_PATH environment variable pointing to freshly built
>>>>>>>>>>>>>> libcrypto/libssl
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <
>>>>>>>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Any suggestions on how this can be done?
>>>>>>>>>>>>>>> Why is the openssl binary crashing if I am compiling it with -enable-weak-ssl-ciphers?
>>>>>>>>>>>>>>> Also, what is the location of the crash file?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>> Satyam
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <
>>>>>>>>>>>>>>> satyam226 at gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hello Everyone,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have just joined the openssl users community.
>>>>>>>>>>>>>>>> My requirement is to have SSLv3 and weak ciphers
>>>>>>>>>>>>>>>> enabled with the openssl installation.
>>>>>>>>>>>>>>>> I have a query regarding enabling the SSLv3 protocol and weak
>>>>>>>>>>>>>>>> ciphers with the openssl-1.1.1h installation.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have followed the below steps
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 1) *./config -enable-weak-ssl-ciphers*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *2) The Makefile looks as below*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *===============================*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ##
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ## Makefile for OpenSSL
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ##
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ## WARNING: do not edit!
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ## Generated by Configure from Configurations/common0.tmpl,
>>>>>>>>>>>>>>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> PLATFORM=linux-x86_64
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++
>>>>>>>>>>>>>>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
>>>>>>>>>>>>>>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl
>>>>>>>>>>>>>>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan
>>>>>>>>>>>>>>>> no-unit-test no-zlib no-zlib-dynamic
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SRCDIR=.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> BLDDIR=.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> VERSION=1.1.1h
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> MAJOR=1
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> MINOR=1.1
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_VERSION_NUMBER=1.1
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_VERSION_HISTORY=
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_MAJOR=1
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_MINOR=1
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_TARGET=linux-shared
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_EXT_SIMPLE=.so
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_EXT_IMPORT=
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> SHLIB_INFO=";"
>>>>>>>>>>>>>>>> "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)"
>>>>>>>>>>>>>>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
>>>>>>>>>>>>>>>> engines/ossltest.so engines/padlock.so
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> @
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If I do any openssl operations it gives an error (core dumped)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *./openssl ciphers -V*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> * Segmentation fault (core dumped)*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *Can someone help me in resolving this issue ?*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If I don't use the option "-enable-weak-ssl-ciphers" then
>>>>>>>>>>>>>>>> the above issue is not seen but SSLv3 and weak ciphers do not get enabled.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Satyam
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> SY, Dmitry Belyavsky
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> SY, Dmitry Belyavsky
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> SY, Dmitry Belyavsky
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> SY, Dmitry Belyavsky
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> SY, Dmitry Belyavsky
>>>>>>
>>>>>
>>>>
>>>> --
>>>> SY, Dmitry Belyavsky
>>>>
>>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>
--
SY, Dmitry Belyavsky
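
The thread's fix was dropping the leading minus from enable-weak-ssl-ciphers. The following is an added example, not code from the thread or from the OpenSSL project: it reads the CONFIGURE_ARGS line of a generated Makefile, flags feature toggles typed with a leading dash, and lists the SSLv3 and weak-cipher toggles a build turned on. The function names, the rule that a dashed enable-/disable-/no- argument is a typo, and the "fixed" sample (constructed from the working ./config command quoted above) are assumptions.

```shell
#!/bin/sh
# Added example: audit the CONFIGURE_ARGS line of an OpenSSL-generated Makefile.
# Assumption: feature toggles are spelled enable-X, disable-X or no-X with no
# leading dash, so a dashed form such as -enable-X is treated as a typo.

# Print the recorded Configure arguments, one per line.
configure_args() {
    grep '^CONFIGURE_ARGS=' "$1" | head -n 1 | grep -o '"[^"]*"' | tr -d '"'
}

# Print feature toggles typed with a leading dash; return 1 if any were found.
mistyped_toggles() {
    bad=$(configure_args "$1" | grep -E '^-+(enable|disable|no)-' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Print the correctly spelled toggles from the thread that re-enable SSLv3 and
# weak cipher suites, so a weakened build is visible in review.
weakening_toggles() {
    configure_args "$1" |
        grep -E -x 'enable-(weak-ssl-ciphers|ssl3|ssl3-method)' || true
}

# Write two sample Makefile fragments into directory $1.
make_samples() {
    # Lines as posted in the thread (OPTIONS shortened).
    cat > "$1/Makefile.broken" <<'EOF'
PLATFORM=linux-x86_64
OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++
CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")
EOF
    # Constructed from the working ./config command in the thread; not real output.
    cat > "$1/Makefile.fixed" <<'EOF'
PLATFORM=linux-x86_64
CONFIGURE_ARGS=("linux-x86_64", "-ggdb", "enable-weak-ssl-ciphers", "enable-ssl3", "enable-ssl3-method", "no-shared")
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/Makefile.*; do
    if out=$(mistyped_toggles "$f"); then
        echo "$f: toggles spelled correctly"
    else
        echo "$f: dashed toggle(s): $out"
    fi
    weakening_toggles "$f" | sed 's/^/  weakens TLS defaults: /'
done
```

Compiler flags such as -ggdb legitimately start with a dash and are not reported; only dashed enable-, disable- and no- arguments are.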