Posted to users@httpd.apache.org by William Bathurst <wb...@gmail.com> on 2017/01/08 03:41:09 UTC
[users@httpd] Question about adding new cipher to openssl and then testing through
apache httpd
Hello,
I have created a custom version of OpenSSL v1.1 where I am testing a new
cipher algorithm. I now wish to integrate and test in Apache HTTP. Where
in the source code do I need to update in order to get Apache HTTP to
recognize the new cipher? I can list the new cipher using the "openssl
ciphers" command:
/usr/local/ssl/bin/openssl ciphers
ECDHE-ECDSA-CIPHERTEST256-SHA256:ECDHE-RSA-CIPHERTEST256-SHA256:ECDHE-ECDSA-CIPHERTEST128-SHA256:ECDHE-RSA-CIPHERTEST128-SHA256:CIPHERTEST256-SHA256:CIPHERTEST128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:..
I initially tried compiling 2.4 with the custom OpenSSL and then listing
the new ciphers in the SSLCipherSuite directive but they were not recognized.
NOTES:
Server version: Apache/2.4.24-dev (Unix)
Server built: Jan 8 2017 00:11:07
OpenSSL 1.1.1-TEST-dev xx XXX xxxx
Thanks in advance!
Re: [users@httpd] Question about adding new cipher to openssl and
then testing through apache httpd
Posted by Eric Covener <co...@gmail.com>.
On Sun, Jan 8, 2017 at 12:59 AM, William Bathurst <wb...@gmail.com> wrote:
> Hi Eric,
>
> Can you please explain how to load the new one at runtime?
Usually just whatever your platform does for LD_LIBRARY_PATH, LIBPATH, etc.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
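One way to check the runtime-loading point raised in this thread, as an added example that is not part of any poster's message: it reads `ldd` output for mod_ssl.so and reports whether libssl and libcrypto resolve inside the custom OpenSSL's library directory. The function name, the library directory /usr/local/ssl/lib, the module path and the sample `ldd` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check which libssl/libcrypto a module
# resolves to at runtime, from `ldd` output read on stdin.
# Assumption: the custom build's libraries are in /usr/local/ssl/lib; the
# page only shows /usr/local/ssl/bin/openssl.

# check_tls_libs EXPECTED_LIBDIR
# Prints OK / MISMATCH / MISSING per libssl/libcrypto line. Returns 0 only
# when both libraries are present and resolve directly inside EXPECTED_LIBDIR.
# The ( ) body keeps the variables local without relying on `local`.
check_tls_libs() (
    expected="${1%/}"; seen=0; bad=0
    while read -r name arrow path rest; do
        case "$name" in
            libssl.so*|libcrypto.so*) ;;
            *) continue ;;
        esac
        seen=$((seen + 1))
        if [ "$arrow" != "=>" ] || [ "$path" = "not" ]; then
            echo "MISSING  $name"; bad=1
        elif [ "${path%/*}" = "$expected" ]; then
            echo "OK       $name -> $path"
        else
            echo "MISMATCH $name -> $path (expected in $expected)"; bad=1
        fi
    done
    [ "$seen" -ge 2 ] && [ "$bad" -eq 0 ]
)

# Constructed samples of `ldd mod_ssl.so` output (not taken from the page).
SAMPLE_SYSTEM='    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000000000)
    libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0000400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000800000)'
SAMPLE_CUSTOM='    libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007f0000000000)
    libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007f0000400000)'

# Real use (module path is a placeholder):
#   ldd /path/to/modules/mod_ssl.so | check_tls_libs /usr/local/ssl/lib
echo "--- system libraries resolved:"
printf '%s\n' "$SAMPLE_SYSTEM" | check_tls_libs /usr/local/ssl/lib \
    || echo "result: a different OpenSSL is loaded"
echo "--- custom build resolved:"
printf '%s\n' "$SAMPLE_CUSTOM" | check_tls_libs /usr/local/ssl/lib \
    && echo "result: custom OpenSSL is the one loaded"
```

`ldd` honours LD_LIBRARY_PATH, so run it with the same environment httpd is started with; a statically linked mod_ssl shows no libssl line and is reported as a failure by this check.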
Re: [users@httpd] Question about adding new cipher to openssl and
then testing through apache httpd
Posted by William Bathurst <wb...@gmail.com>.
Hi Eric,
Can you please explain how to load the new one at runtime?
Thanks!
Bill
On 1/7/2017 8:08 PM, Eric Covener wrote:
> You often have to take efforts to load the new one at runtime, too
Re: [users@httpd] Question about adding new cipher to openssl and
then testing through apache httpd
Posted by Eric Covener <co...@gmail.com>.
On Sat, Jan 7, 2017 at 10:41 PM, William Bathurst <wb...@gmail.com> wrote:
> I initially tried compiling 2.4 with the custom OpenSSL and then listing the
> new ciphers in the
> SSLCipherSuite directive but they were not recognized.
You often have to take efforts to load the new one at runtime, too.
--
Eric Covener
covener@gmail.com
Re: [users@httpd] Question about adding new cipher to openssl and
then testing through apache httpd
Posted by "Michael A. Peters" <mp...@domblogger.net>.
I'm not sure you need to do anything in OpenSSL.
When I build Apache against LibreSSL, I have access to ciphers in
LibreSSL that are (or were) not in OpenSSL.
As long as your new cipher doesn't trigger any blacklists in the mod_ssl
source it should be picked up and available as long as a client supports
it too.
On 01/07/2017 07:41 PM, William Bathurst wrote:
> Hello,
>
> I have created a custom version of OpenSSL v1.1 where I am testing a new
> cipher algorithm. I now wish to integrate and test in Apache HTTP. Where
> in the source code do I need to update in order to get Apache HTTP to
> recognize the new cipher? I can list the new cipher using the "openssl
> ciphers" command:
>
> /usr/local/ssl/bin/openssl ciphers
>
> ECDHE-ECDSA-CIPHERTEST256-SHA256:ECDHE-RSA-CIPHERTEST256-SHA256:ECDHE-ECDSA-CIPHERTEST128-SHA256:ECDHE-RSA-CIPHERTEST128-SHA256:CIPHERTEST256-SHA256:CIPHERTEST128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:..
>
> I initially tried compiling 2.4 with the custom OpenSSL and then listing
> the new ciphers in the
> SSLCipherSuite directive but they were not recognized.
>
> NOTES:
> Server version: Apache/2.4.24-dev (Unix)
> Server built: Jan 8 2017 00:11:07
>
> OpenSSL 1.1.1-TEST-dev xx XXX xxxx
>
> Thanks in advance!
>
>