Date: Thu, 18 Jan 2001 01:09:18 -0800 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "'Richard Grace'" <rgrace@aapt.com.au> Cc: <questions@FreeBSD.ORG> Subject: RE: Problem with OpenSSL port Message-ID: <004201c0812e$576528e0$1401a8c0@tedm.placo.com> In-Reply-To: <sa66c35d.081@aaptmailmta.aapt.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
>-----Original Message----- >From: Richard Grace [mailto:rgrace@aapt.com.au] >Sent: Wednesday, January 17, 2001 3:20 PM >To: tedm@toybox.placo.com >Cc: questions@FreeBSD.ORG >Subject: RE: Problem with OpenSSL port > > >>>> "Ted Mittelstaedt" <tedm@toybox.placo.com> 01/17/01 05:22pm >>> > >> In that case my recommendation is to ditch >> openssl and use the older ssh and ssleay. I've never gotten >> a good compile of openssh/openssl and friends on anything >> but the very latest of a UNIX system. It's like the open >> developers go out of their way to make their shit NOT >> compile on basic systems like Solaris 2.5.1+gcc, things >> like that. > >Yeah, the problem is with the licencing. I'd have to use such >an early version of ssh & ssleay to get around the commercial >usage clause. > So what? As long as you install the appropriate patches from CERT into the RSA library and into SSH, it's as good as the current Openssh stuff, it just won't support all of the newer and fancier encryption algorithms. >Solaris (among others) does not have a /dev/random. You can >substitute by using another sufficiently random device, or >install a package which supplies a random device. SUNWski >comes to mind. > I've never understood this myself since Solaris was built for Sparcs and they all have at least 1 on-board NIC in them, and the Ethernet interrupt is probably one of the better suppliers of randomness on a computer. I know not having it can weaken the security if the keys are sufficiently non-random. I've built ssh 1.2.27 on 2.5.1 without /dev/random before, but I didn't know that Sun had written one for it. What is the SUNWski package? >Richard Grace >Unix Systems Administrator >AAPT Limited > Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004201c0812e$576528e0$1401a8c0>