How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Satyam Mehrotra satyam226 at gmail.com
Mon Oct 26 08:34:09 UTC 2020 

Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH
environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      *which openssl*

*      /usr/local/bin/openssl*


      *export LD_LIBRARY_PATH=/usr/local/lib64/*


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so ->
libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       *openssl ciphers -V*

*       Segmentation fault*


*gdb ./openssl core.3370 *


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no
debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb)




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <beldmit at gmail.com> wrote:

> If you have just built the openssl, try to set the LD_LIBRARY_PATH
> environment variable pointing to freshly built libcrypto/libssl
>
> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <satyam226 at gmail.com>
> wrote:
>
>> Hello,
>>
>> Any Suggestions on how this can be done ?
>> why openssl binary is crashing if i am compiling it with *-enable-weak-ssl-ciphers
>> ,* also what is the location of the crash file.
>>
>> Thanks
>> Satyam
>>
>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <satyam226 at gmail.com>
>> wrote:
>>
>>> Hello Everyone,
>>>
>>> I have just joined the openssl users community.
>>> My requirement is to have the SSLv3 and weak ciphers enable  with
>>> openssl installation .
>>> I have a query regarding enabling SSLv3 protocol and weak ciphers with
>>> openssl-1.1.1h installation
>>>
>>> I have followed the below steps
>>>
>>> 1)  *./config -enable-weak-ssl-ciphers*
>>>
>>>
>>> *2) The Makefile looks as below*
>>>
>>> *===============================*
>>>
>>>
>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>>
>>> ##
>>>
>>> ## Makefile for OpenSSL
>>>
>>> ##
>>>
>>> ## WARNING: do not edit!
>>>
>>> ## Generated by Configure from Configurations/common0.tmpl,
>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl
>>>
>>>
>>> PLATFORM=linux-x86_64
>>>
>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++
>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl
>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan
>>> no-unit-test no-zlib no-zlib-dynamic
>>>
>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")
>>>
>>> SRCDIR=.
>>>
>>> BLDDIR=.
>>>
>>>
>>> VERSION=1.1.1h
>>>
>>> MAJOR=1
>>>
>>> MINOR=1.1
>>>
>>> SHLIB_VERSION_NUMBER=1.1
>>>
>>> SHLIB_VERSION_HISTORY=
>>>
>>> SHLIB_MAJOR=1
>>>
>>> SHLIB_MINOR=1
>>>
>>> SHLIB_TARGET=linux-shared
>>>
>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)
>>>
>>> SHLIB_EXT_SIMPLE=.so
>>>
>>> SHLIB_EXT_IMPORT=
>>>
>>>
>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a
>>>
>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)
>>>
>>> SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)"
>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"
>>>
>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
>>> engines/ossltest.so engines/padlock.so
>>>
>>> @
>>>
>>>
>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>>
>>> if i do any openssl operations it gives error ( core dumped )
>>>
>>>
>>>       *./openssl ciphers -V*
>>>
>>> *       Segmentation fault (core dumped)*
>>>
>>>
>>> *Can someone help me in resolving this issue ?*
>>>
>>>
>>> If i don't use option* "**-enable-weak-ssl-ciphers "  *then the above
>>> issue is not seen but SSLv3 and weak ciphers do not get enable.
>>>
>>>
>>> Thanks
>>>
>>> Satyam
>>>
>>
>
> --
> SY, Dmitry Belyavsky
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201026/060152a8/attachment-0001.html>

More information about the openssl-users mailing list