From: "Ted Mittelstaedt"
To: "'Richard Grace'"
Subject: RE: Problem with OpenSSL port
Date: Thu, 18 Jan 2001 01:09:18 -0800
Message-ID: <004201c0812e$576528e0$1401a8c0@tedm.placo.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

>-----Original Message-----
>From: Richard Grace [mailto:rgrace@aapt.com.au]
>Sent: Wednesday, January 17, 2001 3:20 PM
>To: tedm@toybox.placo.com
>Cc: questions@FreeBSD.ORG
>Subject: RE: Problem with OpenSSL port
>
>
>>>> "Ted Mittelstaedt" 01/17/01 05:22pm >>>
>
>> In that case my recommendation is to ditch
>> openssl and use the older ssh and ssleay. I've never gotten
>> a good compile of openssh/openssl and friends on anything
>> but the very latest of a UNIX system. It's like the open
>> developers go out of their way to make their shit NOT
>> compile on basic systems like Solaris 2.5.1+gcc, things
>> like that.
>
>Yeah, the problem is with the licencing. I'd have to use such
>an early version of ssh & ssleay to get around the commercial
>usage clause.
>

So what? As long as you install the appropriate patches from CERT
into the RSA library and into SSH, it's as good as the current
Openssh stuff, it just won't support all of the newer and fancier
encryption algorithms.

>Solaris (among others) does not have a /dev/random. You can
>substitute by using another sufficiently random device, or
>install a package which supplies a random device. SUNWski
>comes to mind.
>

I've never understood this myself since Solaris was built for Sparcs
and they all have at least 1 on-board NIC in them, and the Ethernet
interrupt is probably one of the better suppliers of randomness on a
computer. I know not having it can weaken the security if the keys
are sufficiently non-random. I've built ssh 1.2.27 on 2.5.1 without
/dev/random before, but I didn't know that Sun had written one for it.
What is the SUNWski package?

>Richard Grace
>Unix Systems Administrator
>AAPT Limited
>

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com