httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From olli hauer <oha...@gmx.de>
Subject Re: [VOTE] Release Apache httpd 2.4.14 as GA
Date Sun, 14 Jun 2015 09:09:26 GMT
On 2015-06-14 02:46, Jeff Trawick wrote:
> On Sat, Jun 13, 2015 at 7:42 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> 
>> On Sun, Jun 14, 2015 at 1:18 AM, Jeff Trawick <trawick@gmail.com> wrote:
>>> On Sat, Jun 13, 2015 at 6:06 PM, Yann Ylavic <ylavic.dev@gmail.com>
>> wrote:
>>>>
>>>> I did not look at pr12355.t and pr43738.t yet, however those passed in
>>>> my tests, so it's probably something different.
>>>
>>>
>>> Just in case it wasn't clear, these aren't regressions.  I get them with
>>> prior releases on FreeBSD 10.1 also.
>>
>> Ah ok, those are possibly the same as I reported in [1] for the 2.4.13
>> vote (in the Post Scriptum, about latest stable debian 8).
>>
>>>
>>> I don't know if it is the Perl stack or OpenSSL or ??? that results in
>> the
>>> consistent failure.  (This FreeBSD has a significantly newer Perl stack
>> from
>>> system packages than CentOS 7.)  IIUC, Rainer has been reporting
>>> intermittent failures on various platforms for a while.
>>
>> It seems to be related to latest OpenSSL, maybe RC5 isn't handled anymore?
>>
> 
> I just tried on Fedora 22...
> 
> For both the Perl interpreter/lib versions and OpenSSL versions, it seems
> to be essentially
> 
> CentOS 7 < FreeBSD 10.1 < Fedora 22
> 
> and the one in the middle is the only one where I see the issue.
> 
> The CentOS and Fedora builds of OpenSSL are FIPS-enabled; I don't know how
> that affects the enabled ciphers.
> 

>From OpenSSL CHANGES (happed already with 0.9.7i in 2005)
     The patented RC5 and MDC2 algorithms will now be disabled unless
     "enable-rc5" and "enable-mdc2", respectively, are specified.

And from src/crypto/openssl/Makefile
OPTIONS= ... no-md2 no-rc5 ...

OpenSSL is build in FreeBSD base with
... -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 ...

So is assume tests for RC5 and MD2 will always fail.






Mime
View raw message