Wanted details on ./config or Configure options


Jayalakshmi bhat
Hi All,

I am looking for details on the options used to disable or remove unwanted ciphers and components while building OpenSSL. This is for OpenSSL 1.0.2h. I am seeing many things on the internet, but most of them have minimal explanation. Please can you tell me if there is any link that I can refer to?

Regards
Jaya

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Wanted details on ./config or Configure options

Matt Caswell-2


On 24/10/17 07:06, Jayalakshmi bhat wrote:
> Hi All,
>
> I am looking for details on options used to disable or remove unwanted
> ciphers, components while openssl building. This is for OpenSSL 1.0.2h.
> I am seeing many things on internet. But most of them have minimum
> explanation, please can you tell me is there any link that I can refer.

Have you looked in INSTALL?

https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL

Matt


Re: Wanted details on ./config or Configure options

Jayalakshmi bhat
Hi Matt,

Thanks a lot. This helps me. I had seen different options for OpenSSL 1.0.1e versions. Hence I had some confusion.
Does this mean that only the options specified here can be used for OpenSSL 1.0.2x releases?

Regards
Jayalakshmi


Re: Wanted details on ./config or Configure options

Matt Caswell-2


On 25/10/17 18:02, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks a lot. This helps me. I had seen different options for OpenSSL
> 1.0.1e versions. Hence had some confusions.
> Does this means, options specified here only can be used for OpenSSL
> 1.0.2x releases.

The INSTALL file is specific to a release. Many options are applicable
to both 1.0.1 and 1.0.2 but there may be some differences. We did quite
a bit of work on the INSTALL file in the latest 1.1.0 release to make
sure all options were documented properly. That happened after the 1.0.2
release so it could be the case that there are some options that are
undocumented in 1.0.2.

Matt


Re: Wanted details on ./config or Configure options

Jayalakshmi bhat
Hi Matt,

Thanks a lot for the response. Sorry for the delayed reply. I was out of office for a while. This helped me. However, I am not seeing an option to remove unwanted engine files from compilation. The OpenSSL 1.01x method (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec no-hw-zencod) does not seem to work. Is there any way to do it?


Regards
Jayalakshmi


Re: Wanted details on ./config or Configure options

Matt Caswell-2


On 02/11/17 07:07, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks a lot for the response. Sorry for the delayed reply. I was out of
> office for a while. This helped me.  However I am not seeing option to
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x
> method
> (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec no-hw-zencod)
> does not seems to work. Is there any way to do it?

Hmmm - that looks like a possible bug to me. I think that should work
(Richard Levitte may be able to comment).

You can also use no-engine which switches off engine support altogether

Matt


Re: Wanted details on ./config or Configure options

Jayalakshmi bhat
Hi Matt,

Thanks for the reply. We don't want to turn off the engine fully. We have a TPM chip, that is part of OpenSSL. I just want to turn off the default available hardware using

no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec no-hw-zencod.

However as of now using the above values with ./Configure is not turning off the compilation of the other hardware components.

Regards
Jaya


Re: Wanted details on ./config or Configure options

OpenSSL - User mailing list
In reply to this post by Matt Caswell-2
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x

1.0.1 or 1.1.0 release?  I’m guessing 1.0.1, since many of those engines are removed from 1.1.0


Re: Wanted details on ./config or Configure options

Jayalakshmi bhat
In reply to this post by Jayalakshmi bhat
Hi Rich,

I am using OpenSSL 1.0.2h, and I am trying to strip off unused hardware support. I tried using the options mentioned for 1.0.1e, which I explained in the previous mail.
They don't seem to work for 1.0.2h. Hence I wanted to know what would be the best way to remove the unsupported hardware like aep, chil, cswift etc. from compilation.

Regards
Jayalakshmi


