• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

openssl

  1. arader

    OpenSSL almost 10x faster than LibreSSL?

    Hi all, I’m investigating some slow VPN speeds on my router, and I’m trying to make sense of what I’m seeing. Non-VPN’d traffic can hit >1gb/s through the router, so I know it’s not a throughput problem. This got me investigating crypto performance, and on all my machines, I’ve found that...
  2. Compile GELI with OpenSSL from ports

    FreeBSD 11.1 i386 I have compiled and installed openssl from ports, so there are: a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/libcrypto.so.8, /usr/lib/libssl.so.8 and b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/libcrypto.so.9...
  3. OpenSIPS: How to force to compile with OpenSSL from base instead of LibreSSL?

    Hello, I'm building all my packages with poudriere and they are linked with LibreSSL (using "DEFAULT_VERSIONS+=ssl=libressl-devel" in my make.conf) I'd like to use net/opensips but it doesn't works with LibreSSL, I'm getting this error messages: ERROR:tls_mgm:mod_init: unable to set the memory...
  4. henninb

    Solved Apache/SSL setup not working with Firefox

    I am working on setting up SSL on apache24 web server on my local network with a self signed certificate. I am able to confirm it is working with curl and openssl (see the details below), however I am not able to get it working with firefox. I imported my self signed cert to firefox, however...
  5. daBee

    LAN Development 'Domain' SSL Setup

    I'm wanting to generate a self-signed certificate for LAN-only development and testing. The virtual host will be alpha.local, and it is only for nginx serving. The handbook requires a machine name for a virtual host, i.e.: Common Name (e.g. server FQDN or YOUR name)...
  6. Donald Baud

    HowTo: SSL/TLS certificates with acme.sh

    Note: this post is amended because the updated port security/acme.sh is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme The idea is to limit the use of elevated privileges as much as possible. ================ - What is this about? security/acme.sh...
  7. Petr Fischer

    Solved Building nginx in a jail with ssl=base (without openssl port dependency)

    Hello, I am trying to build nginx from ports, but I don't want dependency to openssl from ports. I want "base" FreeBSD openssl. Default nginx package has no dependency to external openssl package. I am building in a jail. I have this in make.conf: WRKDIRPREFIX= /var/ports DISTDIR=...
  8. IPTRACE

    Solved FreeBSD 11p10 - OpenSSL without AESNI?

    user@gt:~ % openssl version OpenSSL 1.0.2k-freebsd 26 Jan 2017 user@gt:~ % openssl speed -evp aes-256-gcm -engine aesni invalid engine "aesni" 34380834184:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared...
  9. bibi

    percona56-server with TLSv1.2

    Hello, I have tried installing percona56-server from the ports with the OpenSSL option checked ( as it is by default ) and I have completed the SSL setup and get everything to work properly except that I am stuck with TLSv1. mysql> \s; -------------- mysql Ver 14.14 Distrib 5.6.33-79.0...
  10. Python OpenSSL versioning issue

    Hello folks, I'm trying to run security/py-certbot on a FreeBSD 10.3 stable jail. When I try to launch it I get the following messages: root@nope:~ # certbot Traceback (most recent call last): File "/usr/local/bin/certbot", line 11, in <module> load_entry_point('certbot==0.9.3'...
  11. timypcr

    openssl-1.0.2_15,1 is vulnerable

    I have two FreeBSD 10.3 servers an audit shows the following pkg audit openssl-1.0.2_15,1 is vulnerable: OpenSSL -- multiple vulnerabilities CVE: CVE-2016-6308 CVE: CVE-2016-6307 CVE: CVE-2016-6306 CVE: CVE-2016-2181 CVE: CVE-2016-2179 CVE: CVE-2016-2178 CVE: CVE-2016-2177 CVE: CVE-2016-2180...
  12. Solved OpenSSL/1.0.2f breaks php56/curl

    Hi, Problem occurs after update from OpenSSL/1.0.2d to OpenSSL/1.0.2f. Here is script: <?php $url = 'https://public-crest.eveonline.com/killmails/33493676/553ac7e2aeabe48092bde10958de0a44dc6f35ef/'; $timeout = 50; $ch = curl_init($url); curl_setopt($ch, CURLOPT_VERBOSE, true); curl_setopt($ch...
  13. postfix breaking with security/openssl

    hHey, jJust wanted to document here that: Git package depends on security/openssl, and security/openssl breaks postfix/smtp. yYou'll get segfaults from 'postfix/smtp' when using it with security/openssl, and SOME emails won't get delivered, depending on the ssl implementation your server wants...
  14. Solved Invalid signature using freebsd-update

    First of all, I checked this thread. Since the thread was old and it doesn't solve my problem, I decided to make a new thread. (I'm not sure if that is accepted behavior or not, being new to the forum.) https://forums.freebsd.org/threads/freebsd-update-fetch-gives-error-invalid-signature.52013/...
  15. [OpenSSL] /etc/ssl/cert.pem not honoured by default

    I have a FreeBSD 10.1 installation with security/ca_root_nss installed (with ETCSYMLINK). /etc/make.conf contains WITH_OPENSSL_BASE="YES", the port (security/openssl) is not installed. /etc/ssl/cert.pem points to /usr/local/share/certs/ca-root-nss.crt, which contains the CA certificates as...
  16. icecoke

    WITH_OPENSSL_PORT=yes not respected by all ports

    On a 10.1p19 (and other earlier Versions) I'm trying to have the latest security/openssl port to be used instead of the slightly older base openssl. But it seems all settings I use, do not achieve this with all ports /etc/make.conf: WITH_OPENSSL_PORT=yes OPENSSLBASE=/usr/local Even after a...
  17. OpenSSL Certificates for Dovecot and Postfix

    Hey guys, Someone have an tutorial teaching how to get SSL DHE-RSA-AES256-SHA working for Dovecot and Postfix? I did the Certificate key using: openssl ecparam -genkey -name secp384r -out usr/local/etc/ssl/private/mail.mydomain.com.key Then the Certificate Sign Request: openssl req -new...