Removing tls1 support in Openssl 1.0.2o

FooCrypt openssl at foocrypt.net
Sun Apr 19 06:10:33 UTC 2020


Hi Sam

Did you try :

openssl-1.0.2u.tar.gz : 

Configuring for 
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]

pick os/compiler from:
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-x86_64 DJGPP MPE/iX-gcc OS2-EMX 
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android 
android-armv7 android-mips android-x86 android64-aarch64 aux3-gcc 
beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc cray-j90 cray-t3e darwin-i386-cc 
darwin-ppc-cc darwin64-ppc-cc darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc 
dgux-R4-x86-gcc dist gcc hpux-cc hpux-gcc hpux-ia64-cc hpux-ia64-gcc 
hpux-parisc-cc hpux-parisc-cc-o4 hpux-parisc-gcc hpux-parisc1_1-cc 
hpux-parisc1_1-gcc hpux-parisc2-cc hpux-parisc2-gcc hpux64-ia64-cc 
hpux64-ia64-gcc hpux64-parisc2-cc hpux64-parisc2-gcc hurd-x86 iphoneos-cross 
irix-cc irix-gcc irix-mips3-cc irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc 
linux-aarch64 linux-alpha+bwx-ccc linux-alpha+bwx-gcc linux-alpha-ccc 
linux-alpha-gcc linux-aout linux-armv4 linux-elf linux-generic32 
linux-generic64 linux-ia32-icc linux-ia64 linux-ia64-icc linux-mips32 
linux-mips64 linux-ppc linux-ppc64 linux-ppc64le linux-sparcv8 linux-sparcv9 
linux-x32 linux-x86_64 linux-x86_64-clang linux-x86_64-icc linux32-s390x 
linux64-mips64 linux64-s390x linux64-sparcv9 mingw mingw64 ncr-scde 
netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc netware-clib-gcc 
netware-libc netware-libc-bsdsock netware-libc-bsdsock-gcc netware-libc-gcc 
newsos4-gcc nextstep nextstep3.3 osf1-alpha-cc osf1-alpha-gcc purify qnx4 
rhapsody-ppc-cc sco5-cc sco5-gcc solaris-sparcv7-cc solaris-sparcv7-gcc 
solaris-sparcv8-cc solaris-sparcv8-gcc solaris-sparcv9-cc solaris-sparcv9-gcc 
solaris-x86-cc solaris-x86-gcc solaris64-sparcv9-cc solaris64-sparcv9-gcc 
solaris64-x86_64-cc solaris64-x86_64-gcc sunos-gcc tandem-c89 tru64-alpha-cc 
uClinux-dist uClinux-dist64 ultrix-cc ultrix-gcc unixware-2.0 unixware-2.1 
unixware-7 unixware-7-gcc vos-gcc vxworks-mips vxworks-ppc405 vxworks-ppc60x 
vxworks-ppc750 vxworks-ppc750-debug vxworks-ppc860 vxworks-ppcgen 
vxworks-simlinux debug debug-BSD-x86-elf debug-VC-WIN32 debug-VC-WIN64A 
debug-VC-WIN64I debug-ben debug-ben-darwin64 debug-ben-debug 
debug-ben-debug-64 debug-ben-debug-64-clang debug-ben-macos 
debug-ben-macos-gcc46 debug-ben-no-opt debug-ben-openbsd 
debug-ben-openbsd-debug debug-ben-strict debug-bodo debug-darwin-i386-cc 
debug-darwin-ppc-cc debug-darwin64-x86_64-cc debug-geoff32 debug-geoff64 
debug-levitte-linux-elf debug-levitte-linux-elf-extreme 
debug-levitte-linux-noasm debug-levitte-linux-noasm-extreme debug-linux-elf 
debug-linux-elf-noefence debug-linux-generic32 debug-linux-generic64 
debug-linux-ia32-aes debug-linux-pentium debug-linux-ppro debug-linux-x86_64 
debug-linux-x86_64-clang debug-rse debug-solaris-sparcv8-cc 
debug-solaris-sparcv8-gcc debug-solaris-sparcv9-cc debug-solaris-sparcv9-gcc 
debug-steve-opt debug-steve32 debug-steve64 debug-vos-gcc 


ie:

./Configure [ os/compiler from above ] no-ssl no-tls no-dtls no-ssl3-method no-tls1-method no-tls1_1-method no-tls1_2-method no-dtls1-method no-dtls1_2-method no-nextprotoneg no-comp


> On 19 Apr 2020, at 09:50, Sam Kappen <skappen at mvista.com> wrote:
> 
> Hi
> 
> We are using a poky with branch "rocko" based build system.
> Looking for disabling  sslv3 tlsv1 on openssl.(Openssl 1.0.2o)
> 
> I am seeing SSLv3 support in Openssl 1.0.2o is disabled by default.
> This patch is already part of our build system.
> https://patchwork.openembedded.org/patch/88921/
> 
> For disabling tls1 tried with EXTRA_OECONF = " -no-ssl3 -no-tls1" but
> seems like all of the tls1, tls1_1, tls1_2 are disabled.
> 
> Request your help in disabling the protocol tls1 in openssl.
> 
> Regards,
> Sam


-- 

Regards,

Mark A. Lane   

© Mark A. Lane 1980 - 2020, All Rights Reserved.
© FooCrypt 1980 - 2020, All Rights Reserved.
© FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2020, All Rights Reserved.
© Cryptopocalypse 1980 - 2020, All Rights Reserved.



More information about the openssl-users mailing list