From owner-freebsd-security@FreeBSD.ORG Mon Jun 3 07:24:34 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 970664BB for ; Mon, 3 Jun 2013 07:24:34 +0000 (UTC) (envelope-from victor@bsdes.net) Received: from equilibrium.bsdes.net (244.Red-217-126-240.staticIP.rima-tde.net [217.126.240.244]) by mx1.freebsd.org (Postfix) with ESMTP id 50CE61B9D for ; Mon, 3 Jun 2013 07:24:33 +0000 (UTC) Received: by equilibrium.bsdes.net (Postfix, from userid 1001) id 6A4D122877; Mon, 3 Jun 2013 09:16:08 +0200 (CEST) Date: Mon, 3 Jun 2013 09:16:08 +0200 From: Victor Balada Diaz To: freebsd-security@freebsd.org Subject: OpenSSH ignores /etc/ssl/openssl.cnf Message-ID: <20130603071608.GL74846@equilibrium.bsdes.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jun 2013 07:24:34 -0000 Hello, While trying to configure padlock(4) engine as default engine for my system i've noticed that OpenSSH ignores openssl.cnf. Ie: $ truss openssl speed aes-128-cbc 2>&1 |grep -i openssl.cnf open("/etc/ssl/openssl.cnf",O_RDONLY,0666) = 3 (0x3) $ truss scp -c aes128-cbc localhost:/tmp/foo /tmp/bar 2>&1 |grep -i openssl $ How should i configure it without using openssl.cnf? FreeBSD version: 9.0 and 9.1, i386 and amd64, with base openssl and openssh. Regards. Victor. -- La prueba más fehaciente de que existe vida inteligente en otros planetas, es que no han intentado contactar con nosotros.