How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky beldmit at gmail.com
Mon Oct 26 12:20:42 UTC 2020


Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those
you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the
trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <satyam226 at gmail.com>
wrote:

> Hi Dmitry,
>
> >>If you have just built the openssl, try to set the LD_LIBRARY_PATH
> environment variable pointing to freshly built libcrypto/libssl
>
> I tried setting the LD_LIBRARY_PATH but it is still crashing
>
>       *which openssl*
>
> *      /usr/local/bin/openssl*
>
>
>       *export LD_LIBRARY_PATH=/usr/local/lib64/*
>
>
>       ls -lhrt
>
>       total 11M
>
>       drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig
>
>       -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1
>
>       -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1
>
>       -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a
>
>       -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a
>
>        lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so ->
> libcrypto.so.1.1
>
>        lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so ->
> libssl.so.1.1
>
>        drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1
>
>
>
>        *openssl ciphers -V*
>
> *       Segmentation fault*
>
>
> *gdb ./openssl core.3370 *
>
>
> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7
>
> Copyright (C) 2013 Free Software Foundation, Inc.
>
> License GPLv3+: GNU GPL version 3 or later <
> http://gnu.org/licenses/gpl.html>
>
> This is free software: you are free to change and redistribute it.
>
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>
> and "show warranty" for details.
>
> This GDB was configured as "x86_64-redhat-linux-gnu".
>
> For bug reporting instructions, please see:
>
> <http://www.gnu.org/software/gdb/bugs/>...
>
> Reading symbols from
> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols
> found)...done.
>
> [New LWP 3370]
>
> [Thread debugging using libthread_db enabled]
>
> Using host libthread_db library "/lib64/libthread_db.so.1".
>
> Core was generated by `openssl ciphers -V'.
>
> Program terminated with signal 11, Segmentation fault.
>
> #0  0x000000000041c53d in do_body.isra.3 ()
>
> (gdb) bt
>
> #0  0x000000000041c53d in do_body.isra.3 ()
>
> (gdb)
>
>
>
>
> Thanks
>
> Satyam
>
>
>
>
> On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <beldmit at gmail.com> wrote:
>
>> If you have just built the openssl, try to set the LD_LIBRARY_PATH
>> environment variable pointing to freshly built libcrypto/libssl
>>
>> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <satyam226 at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> Any suggestions on how this can be done?
>>> Why is the openssl binary crashing if I am compiling it with -enable-weak-ssl-ciphers?
>>> Also, what is the location of the crash file?
>>>
>>> Thanks
>>> Satyam
>>>
>>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <satyam226 at gmail.com>
>>> wrote:
>>>
>>>> Hello Everyone,
>>>>
>>>> I have just joined the openssl users community.
>>>> My requirement is to have SSLv3 and weak ciphers enabled with the
>>>> openssl installation.
>>>> I have a query regarding enabling the SSLv3 protocol and weak ciphers with the
>>>> openssl-1.1.1h installation.
>>>>
>>>> I have followed the below steps
>>>>
>>>> 1)  *./config -enable-weak-ssl-ciphers*
>>>>
>>>>
>>>> *2) The Makefile looks as below*
>>>>
>>>> *===============================*
>>>>
>>>>
>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>
>>>>
>>>> ##
>>>>
>>>> ## Makefile for OpenSSL
>>>>
>>>> ##
>>>>
>>>> ## WARNING: do not edit!
>>>>
>>>> ## Generated by Configure from Configurations/common0.tmpl,
>>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl
>>>>
>>>>
>>>> PLATFORM=linux-x86_64
>>>>
>>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++
>>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
>>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl
>>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan
>>>> no-unit-test no-zlib no-zlib-dynamic
>>>>
>>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")
>>>>
>>>> SRCDIR=.
>>>>
>>>> BLDDIR=.
>>>>
>>>>
>>>> VERSION=1.1.1h
>>>>
>>>> MAJOR=1
>>>>
>>>> MINOR=1.1
>>>>
>>>> SHLIB_VERSION_NUMBER=1.1
>>>>
>>>> SHLIB_VERSION_HISTORY=
>>>>
>>>> SHLIB_MAJOR=1
>>>>
>>>> SHLIB_MINOR=1
>>>>
>>>> SHLIB_TARGET=linux-shared
>>>>
>>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)
>>>>
>>>> SHLIB_EXT_SIMPLE=.so
>>>>
>>>> SHLIB_EXT_IMPORT=
>>>>
>>>>
>>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a
>>>>
>>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)
>>>>
>>>> SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)"
>>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"
>>>>
>>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
>>>> engines/ossltest.so engines/padlock.so
>>>>
>>>> @
>>>>
>>>>
>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>
>>>>
>>>> If I do any openssl operations it gives an error (core dumped)
>>>>
>>>>
>>>>       *./openssl ciphers -V*
>>>>
>>>> *       Segmentation fault (core dumped)*
>>>>
>>>>
>>>> *Can someone help me in resolving this issue ?*
>>>>
>>>>
>>>> If I don't use the option "-enable-weak-ssl-ciphers" then the above
>>>> issue is not seen, but SSLv3 and weak ciphers do not get enabled.
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Satyam
>>>>
>>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>

-- 
SY, Dmitry Belyavsky
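
The check suggested at the top of this message (are the loaded libcrypto/libssl the ones just built?) can also be scripted. The following is an added example, not part of the original message or of OpenSSL; it parses `ldd` output instead of an strace log, the function names `resolved_lib` and `check_libs` are hypothetical, and the sample `ldd` output is constructed.

```shell
#!/bin/sh
# Added example: report which libssl/libcrypto a binary resolves to and
# whether both come from the directory the fresh build was installed into.

# Constructed sample of `ldd` output (not taken from the thread): libssl is
# picked up from the system directory, libcrypto from the new build.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1a5f2000)
    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f3a2c400000)
    libcrypto.so.1.1 => /usr/local/lib64/libcrypto.so.1.1 (0x00007f3a2c000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3a2bc00000)'

# resolved_lib NAME: read ldd output on stdin, print the path NAME resolves to
# ("not-found" when the loader could not locate it, nothing when not listed).
resolved_lib() {
    awk -v n="$1" '$1 ~ "^" n "\\.so" && $2 == "=>" {
        print ($3 == "not" ? "not-found" : $3); exit }'
}

# check_libs EXPECTED_DIR: read ldd output on stdin and succeed only when both
# libssl and libcrypto resolve inside EXPECTED_DIR. The body runs in a
# subshell, so its variables do not leak and `exit` sets the return status.
check_libs() (
    want="${1%/}"
    out="$(cat)"
    rc=0
    for lib in libssl libcrypto; do
        path="$(printf '%s\n' "$out" | resolved_lib "$lib")"
        case "$path" in
            "$want"/*) echo "OK       $lib -> $path" ;;
            "")        echo "MISSING  $lib (static link or not listed)"; rc=1 ;;
            *)         echo "MISMATCH $lib -> $path (expected under $want)"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Usage: sh checklibs.sh /usr/local/bin/openssl /usr/local/lib64
# With no arguments the constructed sample is checked instead.
if [ -n "${1:-}" ]; then
    ldd "$1" | check_libs "${2:-/usr/local/lib64}"
else
    printf '%s\n' "$SAMPLE_LDD" | check_libs /usr/local/lib64 ||
        echo "sample: libssl and libcrypto come from different builds"
fi
```

`ldd` honours `LD_LIBRARY_PATH` from the current environment, so run it in the same shell session that runs `openssl`.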