Am 30.08.17 um 10:39 schrieb casper....@oracle.com: > > >>> After I figured out where we went wrong, I filed: >>> 26336744 Solaris specific cleanup code breaks gcm_aes for, e.g., openvpn >>> which has now been fixed in oracle solaris-userland on git hub >>> https://github.com/oracle/solaris-userland/tree/master/components/openssl >> >> Cool, thanks a lot! >> >>> It cannot say exactly when it will be in Solaris 11.3 SRU (patch) release. >>> Current workaround is disabling AES-GCM for openvpn but that should not be >>> needed in the future. >> >> Is there a way to reliably detect this issue from a test program (or by >> looking at system versions, like "uname")? It might be worth adding a >> configure test so users won't run into it ("AES-GCM disabled due to >> bug 26336744 in Solaris OpenSSL"). > > Well, t_lpback would fail but that is late as then you would have > configured and compiled openvpn. >
Does it fail reliable? If yes we could just run a quick version of failing and if this fails disable AES support, especially disabling cipher negoiation. Arne ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
