How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Satyam Mehrotra satyam226 at gmail.com
Mon Oct 26 13:54:17 UTC 2020


Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb
-enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

*strace ./openssl*


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832)
= 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"...,
832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) =
832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832)
= 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"...,
832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[],
sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630},
NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



*Thanks*

*Satyam*



On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <beldmit at gmail.com> wrote:

> Dear Satyam,
>
> First of all, I'll suggest checking whether the libcrypto/libssl are those
> you've built. It can be done, e.g., via running strace.
>
> I also suggest building openssl with -ggdb (./config -ggdb should do the
> trick).
>
> On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <satyam226 at gmail.com>
> wrote:
>
>> Hi Dmitry,
>>
>> >>If you have just built the openssl, try to set the LD_LIBRARY_PATH
>> environment variable pointing to freshly built libcrypto/libssl
>>
>> I try setting the LD_LIBRARY_PATH but it is still crashing
>>
>>       *which openssl*
>>
>> *      /usr/local/bin/openssl*
>>
>>
>>       *export LD_LIBRARY_PATH=/usr/local/lib64/*
>>
>>
>>       ls -lhrt
>>
>>       total 11M
>>
>>       drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig
>>
>>       -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1
>>
>>       -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1
>>
>>       -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a
>>
>>       -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a
>>
>>        lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so ->
>> libcrypto.so.1.1
>>
>>        lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so ->
>> libssl.so.1.1
>>
>>        drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1
>>
>>
>>
>>        *openssl ciphers -V*
>>
>> *       Segmentation fault*
>>
>>
>> *gdb ./openssl core.3370 *
>>
>>
>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7
>>
>> Copyright (C) 2013 Free Software Foundation, Inc.
>>
>> License GPLv3+: GNU GPL version 3 or later <
>> http://gnu.org/licenses/gpl.html>
>>
>> This is free software: you are free to change and redistribute it.
>>
>> There is NO WARRANTY, to the extent permitted by law.  Type "show
>> copying"
>>
>> and "show warranty" for details.
>>
>> This GDB was configured as "x86_64-redhat-linux-gnu".
>>
>> For bug reporting instructions, please see:
>>
>> <http://www.gnu.org/software/gdb/bugs/>...
>>
>> Reading symbols from
>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols
>> found)...done.
>>
>> [New LWP 3370]
>>
>> [Thread debugging using libthread_db enabled]
>>
>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>
>> Core was generated by `openssl ciphers -V'.
>>
>> Program terminated with signal 11, Segmentation fault.
>>
>> #0  0x000000000041c53d in do_body.isra.3 ()
>>
>> (gdb) bt
>>
>> #0  0x000000000041c53d in do_body.isra.3 ()
>>
>> (gdb)
>>
>>
>>
>>
>> Thanks
>>
>> Satyam
>>
>>
>>
>>
>> On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <beldmit at gmail.com> wrote:
>>
>>> If you have just built the openssl, try to set the LD_LIBRARY_PATH
>>> environment variable pointing to freshly built libcrypto/libssl
>>>
>>> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <satyam226 at gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> Any Suggestions on how this can be done ?
>>>> why openssl binary is crashing if i am compiling it with *-enable-weak-ssl-ciphers
>>>> ,* also what is the location of the crash file.
>>>>
>>>> Thanks
>>>> Satyam
>>>>
>>>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <satyam226 at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello Everyone,
>>>>>
>>>>> I have just joined the openssl users community.
>>>>> My requirement is to have the SSLv3 and weak ciphers enable  with
>>>>> openssl installation .
>>>>> I have a query regarding enabling SSLv3 protocol and weak ciphers with
>>>>> openssl-1.1.1h installation
>>>>>
>>>>> I have followed the below steps
>>>>>
>>>>> 1)  *./config -enable-weak-ssl-ciphers*
>>>>>
>>>>>
>>>>> *2) The Makefile looks as below*
>>>>>
>>>>> *===============================*
>>>>>
>>>>>
>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>
>>>>>
>>>>> ##
>>>>>
>>>>> ## Makefile for OpenSSL
>>>>>
>>>>> ##
>>>>>
>>>>> ## WARNING: do not edit!
>>>>>
>>>>> ## Generated by Configure from Configurations/common0.tmpl,
>>>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl
>>>>>
>>>>>
>>>>> PLATFORM=linux-x86_64
>>>>>
>>>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++
>>>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
>>>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl
>>>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan
>>>>> no-unit-test no-zlib no-zlib-dynamic
>>>>>
>>>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")
>>>>>
>>>>> SRCDIR=.
>>>>>
>>>>> BLDDIR=.
>>>>>
>>>>>
>>>>> VERSION=1.1.1h
>>>>>
>>>>> MAJOR=1
>>>>>
>>>>> MINOR=1.1
>>>>>
>>>>> SHLIB_VERSION_NUMBER=1.1
>>>>>
>>>>> SHLIB_VERSION_HISTORY=
>>>>>
>>>>> SHLIB_MAJOR=1
>>>>>
>>>>> SHLIB_MINOR=1
>>>>>
>>>>> SHLIB_TARGET=linux-shared
>>>>>
>>>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)
>>>>>
>>>>> SHLIB_EXT_SIMPLE=.so
>>>>>
>>>>> SHLIB_EXT_IMPORT=
>>>>>
>>>>>
>>>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a
>>>>>
>>>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)
>>>>>
>>>>> SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)"
>>>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"
>>>>>
>>>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
>>>>> engines/ossltest.so engines/padlock.so
>>>>>
>>>>> @
>>>>>
>>>>>
>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>
>>>>>
>>>>> if i do any openssl operations it gives error ( core dumped )
>>>>>
>>>>>
>>>>>       *./openssl ciphers -V*
>>>>>
>>>>> *       Segmentation fault (core dumped)*
>>>>>
>>>>>
>>>>> *Can someone help me in resolving this issue ?*
>>>>>
>>>>>
>>>>> If i don't use option* "**-enable-weak-ssl-ciphers "  *then the above
>>>>> issue is not seen but SSLv3 and weak ciphers do not get enable.
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> Satyam
>>>>>
>>>>
>>>
>>> --
>>> SY, Dmitry Belyavsky
>>>
>>
>
> --
> SY, Dmitry Belyavsky
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201026/cfff02d3/attachment-0001.html>


More information about the openssl-users mailing list