httpd-users mailing list archives

From "Michael A. Peters" <mpet...@domblogger.net>
Subject Re: [users@httpd] Question about adding new cipher to openssl and then testing through apache httpd
Date Sun, 08 Jan 2017 03:57:30 GMT
I'm not sure you need to do anything in OpenSSL.

When I build Apache against LibreSSL, I have access to ciphers in 
LibreSSL that are (or were) not in OpenSSL.

As long as your new cipher doesn't trigger any blacklists in the mod_ssl 
source it should be picked up and available as long as a client supports 
it too.

On 01/07/2017 07:41 PM, William Bathurst wrote:
> Hello,
>
> I have created a custom version of OpenSSL v1.1 where I am testing a new
> cipher algorithm. I now wish to integrate and test in Apache HTTP. Where
> in the source code do I need to update in order to get Apache HTTP to
> recognize the new cipher? I can list the new cipher using the "openssl
> ciphers" command:
>
> /usr/local/ssl/bin/openssl ciphers
>
> ECDHE-ECDSA-CIPHERTEST256-SHA256:ECDHE-RSA-CIPHERTEST256-SHA256:ECDHE-ECDSA-CIPHERTEST128-SHA256:ECDHE-RSA-CIPHERTEST128-SHA256:CIPHERTEST256-SHA256:CIPHERTEST128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:..
>
> I initially tried compiling 2.4 with the custom OpenSSL and then listing
> the new ciphers in the SSLCipherSuite directive but they were not
> recognized.
>
> NOTES:
> Server version: Apache/2.4.24-dev (Unix)
> Server built:   Jan  8 2017 00:11:07
>
> OpenSSL 1.1.1-TEST-dev  xx XXX xxxx
>
> Thanks in advance!
>
>
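
Two checks that follow from this thread, as an added example that is not part of either message: whether the names given to SSLCipherSuite appear in the library's `openssl ciphers` list, and which libssl the mod_ssl module resolves to. The sample data is constructed, and the `mod_ssl.so` path and library paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths other than
# /usr/local/ssl/bin/openssl are assumptions; adjust them to your build.

# Print each requested cipher name that is absent from a colon-separated
# cipher list (the format printed by "openssl ciphers").
missing_ciphers() {
    list=":$1:"; shift
    for name in "$@"; do
        case "$list" in
            # Match whole names between colons, so CIPHERTEST256-SHA256 is
            # not satisfied by ECDHE-RSA-CIPHERTEST256-SHA256.
            *":$name:"*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Read "ldd" output on stdin and print the resolved path of libssl.
# No output means the module has no dynamic libssl dependency.
linked_libssl() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3 }'
}

# Constructed sample data (cipher list shortened from the question).
SAMPLE_LIST='ECDHE-RSA-CIPHERTEST256-SHA256:CIPHERTEST256-SHA256:ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_LDD='  libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007f0000000000)
  libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007f0000200000)'

# Live usage (the mod_ssl.so path is hypothetical):
#   missing_ciphers "$(/usr/local/ssl/bin/openssl ciphers)" CIPHERTEST256-SHA256
#   ldd /usr/local/apache2/modules/mod_ssl.so | linked_libssl
```

If `linked_libssl` prints a path outside the custom OpenSSL prefix, the module is loading a different library than the `openssl` binary used to list the ciphers.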

