[openssl-users] Greetings from a new openssl user and the inevitable request for help

Richard Dwan Richard.Dwan at neul.com
Tue Dec 16 11:45:41 UTC 2014


Hello,

I have just joined the many people who are using openssl and I want to say thank you to the developers for creating and maintaining this library; I greatly appreciate the time and effort you all must have put into this.

I really should say I am attempting to join the many people who use openssl; I am attempting to update an unmaintained UDP encrypted communication library that I am told used to work (but have not seen evidence of this myself) and appears to have always used openssl but I do not know what version.
I have successfully managed to compile and link to a current openssl library (openssl-1.0.1j.tar.gz) but have been unable to determine what are the likely causes of the following error messages:

139924302898976:error:1411C146:SSL routines:tls1_prf:unsupported digest type:t1_enc.c:276:
139924302898976:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable:t1_enc.c:602:

There is a long thread of discussion about these error messages being encountered by a Joan Moreau which appears to blame the O/S install or compilation options (http://www.devheads.net/server/postfix/user/smtps-465.htm)
I am using CentOS 6.6 (updated with "sudo yum update"), configured, compiled and deployed openssl using the downloaded source following the instructions on http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html
Invoking "openssl version -a" gives me the following
OpenSSL 1.0.1j 15 Oct 2014
built on: Thu Dec 11 14:23:36 GMT 2014
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/ssl"

I am testing the library using a demo client/server (which appears to have been used by the original author to develop the library) with a private RSA key and public self-signed certificate.  I have re-created a key and certificate to check to make sure there was no problem with them (the original demo key and certificate resulted in the same error messages).

The key uses:
  Private-Key: (2048 bit)

The certificate uses:
  Signature Algorithm: sha1WithRSAEncryption
  Public Key Algorithm: rsaEncryption
  Public-Key: (2048 bit)
  Signature Algorithm: sha1WithRSAEncryption

Both the modulus and public exponents match

I would be very grateful if anyone could suggest any useful lines of inquiry whilst I try to use gdb to determine the call chain that results in these error messages.

Thank you for any help you can provide,
Richard

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141216/f63f9fe0/attachment.html>


More information about the openssl-users mailing list