From: Freddie Cash
To: Jeremy Chadwick
Cc: stable@freebsd.org
Date: Mon, 5 Dec 2011 10:56:31 -0800
Subject: Re: r228152: anyone got the None cipher working with base OpenSSH?

On Fri, Dec 2, 2011 at 3:32 PM, Jeremy Chadwick wrote:

> On Fri, Dec 02, 2011 at 02:57:48PM -0800, Freddie Cash wrote:
> > Looking through the commit messages for stable/8 and stable/9 I noticed
> > that the HPN patches were applied to OpenSSH in the base install. And
> > reading through the commit messages I see that one has to manually enable
> > the None cipher. However, I cannot, for the life of me, figure out how to
> > do that.
> >
> > The commit message for r228152 says to put "NONE_CIPHER_ENABLED=yes" into
> > /etc/make.conf. But doing so still gives the following error when world is
> > rebuilt/reinstalled:
> > command-line: line 0: Bad configuration option: NoneEnabled
> >
> > Putting NONE_CIPHER_ENABLED=yes into /etc/src.conf and rebuilding world
> > gives the same error.
> >
> > And, running "make -DNONE_CIPHER_ENABLED all install" under
> > /usr/src/secure/usr.bin/ssh/ also gives the same error.
> >
> > What am I missing? What's the magic incantation to add the None cipher to
> > base ssh?
>
> I have been discussing this with bz@ and brooks@ privately. I would
> rather not go into the details of what was discussed for reasons that I
> ALSO would rather not go into. Just know that the ambiguity is
> intentional.
>
> Here is what will work for you when added to /etc/make.conf:
>
> .if ${.CURDIR:M/usr/src/secure/*}
> CFLAGS+=-DNONE_CIPHER_ENABLED
> .endif
>

For the archives, the above snippet in /etc/make.conf and a buildworld cycle
enabled the NONE cipher in /usr/bin/ssh. I'll be sure to read commit messages
more carefully in the future. :)

Here's hoping that eventually/someday this gets converted into a src.conf
knob like WITH_IDEA or similar.

Thanks for all the help everyone.

--
Freddie Cash
fjwcash@gmail.com
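
Added example, not part of the original message: a shell check for auditing whether a host's make.conf carries the `-DNONE_CIPHER_ENABLED` define from the quoted snippet (as opposed to the bare `NONE_CIPHER_ENABLED=yes` variable the poster reported as giving the NoneEnabled error), and whether an ssh config file sets `NoneEnabled`. The function names, the sample files and the config-parsing rules stated in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD host for the None cipher.

# Classify how a make.conf-style file refers to NONE_CIPHER_ENABLED:
#   cflags-define  -DNONE_CIPHER_ENABLED is added to CFLAGS (form reported to work)
#   variable-only  only NONE_CIPHER_ENABLED=... is set (form reported not to work)
#   absent         no reference outside comments
classify_none_cipher() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    body=$(sed 's/#.*$//' "$1")    # make(1) comments start with '#'
    if printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*CFLAGS[[:space:]]*\+?=.*-DNONE_CIPHER_ENABLED([[:space:]=]|$)'; then
        echo "cflags-define"
    elif printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*NONE_CIPHER_ENABLED[[:space:]]*[?:+]?='; then
        echo "variable-only"
    else
        echo "absent"
    fi
}

# Report the first NoneEnabled value in an ssh_config/sshd_config-style file.
# Assumption: keyword matching is case-insensitive, "=" may separate keyword
# and value, and the first occurrence wins; Host/Match blocks are not evaluated.
none_enabled_setting() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "noneenabled" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Demo on constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' '.if ${.CURDIR:M/usr/src/secure/*}' \
    'CFLAGS+=-DNONE_CIPHER_ENABLED' '.endif' > "$tmp/make.conf.ok"
printf '%s\n' 'NONE_CIPHER_ENABLED=yes' > "$tmp/make.conf.var"
printf '%s\n' '# NoneEnabled no' 'Port 22' 'noneenabled yes' > "$tmp/sshd_config"
echo "make.conf.ok:  $(classify_none_cipher "$tmp/make.conf.ok")"
echo "make.conf.var: $(classify_none_cipher "$tmp/make.conf.var")"
echo "sshd_config:   NoneEnabled=$(none_enabled_setting "$tmp/sshd_config")"
rm -rf "$tmp"
```

A `cflags-define` result only shows that the binary was built with the cipher available; whether it can be negotiated still depends on the `NoneEnabled` setting.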