Hi Matt,

Is there any solution to compile openssl-0.9.8za without -no-ec option? Or do we have any patch available to fix the FIPS breakage issue?

*Known issues in OpenSSL 0.9.8za:*
- FIPS capable link failure with missing symbol BN_consttime_swap. Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.

Thanks,
Gayathri

On Wed, Aug 6, 2014 at 6:56 PM, Matt Caswell <m...@openssl.org> wrote:

> On 6 August 2014 14:12, Gayathri Manoj <gayathri.an...@gmail.com> wrote:
> > Hi Matt,
> >
> > Thanks Matt.
> >
> > My actual issue is that I am not able to generate ecdsa keys after upgrading
> > openssl version from 0.9.8y to 0.9.8za. For making our openssl fips
> > compliant we compiled the same with -no-ec option that is recommended by
> > openssl forum.
> >
> > For this issue I googled and got this info - compile openssl with -bindist.
> >
> > Please let me know if there is any other way to get ecdsa key
> > ]# ssh-keygen -t ecdsa -b 1024
> > unknown key type ecdsa
> > #
> >
>
> Well you can't have it both ways! You can't disable EC and then expect
> to generate EC keys! If you want ECDSA don't use -no-ec
>
> Matt
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org