On 10.07.2016 18:13, Andrey Chernov wrote:> On 10.07.2016 18:12, Andrey Chernov wrote: >> On 10.07.2016 18:01, Slawa Olhovchenkov wrote: >>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: >>> >>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: >>>>> I am surprised lack of support GOST in openssl-base. >>>>> Can be this enabled before 11.0 released? >>>> >>>> AFAIK openssl maintainers says something like they can't support this >>>> code and it will become rotten shortly with new changes, so they drop it. >>>> >>> >>> Upstream or FreeBSD maintainers? >>> >> >> Openssl maintainers. >> > I.e. upstream. >They mean built-in one, dropped from openssl 1.1.0 and above. It is still available as 3rd party at: https://github.com/gost-engine/engine
On 10.07.2016 18:28, Andrey Chernov wrote:> On 10.07.2016 18:13, Andrey Chernov wrote: >> On 10.07.2016 18:12, Andrey Chernov wrote: >>> On 10.07.2016 18:01, Slawa Olhovchenkov wrote: >>>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: >>>> >>>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: >>>>>> I am surprised lack of support GOST in openssl-base. >>>>>> Can be this enabled before 11.0 released? >>>>> >>>>> AFAIK openssl maintainers says something like they can't support this >>>>> code and it will become rotten shortly with new changes, so they drop it. >>>>> >>>> >>>> Upstream or FreeBSD maintainers? >>>> >>> >>> Openssl maintainers. >>> >> I.e. upstream. >> > They mean built-in one, dropped from openssl 1.1.0 and above. It is > still available as 3rd party at: > https://github.com/gost-engine/engine >>From their Changelog:*) The GOST engine was out of date and therefore it has been removed. An up to date GOST engine is now being maintained in an external repository. See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains support for GOST ciphersuites (these are only activated if a GOST engine is present). [Matt Caswell]
On Sun, Jul 10, 2016 at 06:28:04PM +0300, Andrey Chernov wrote:> On 10.07.2016 18:13, Andrey Chernov wrote: > > On 10.07.2016 18:12, Andrey Chernov wrote: > >> On 10.07.2016 18:01, Slawa Olhovchenkov wrote: > >>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote: > >>> > >>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote: > >>>>> I am surprised lack of support GOST in openssl-base. > >>>>> Can be this enabled before 11.0 released? > >>>> > >>>> AFAIK openssl maintainers says something like they can't support this > >>>> code and it will become rotten shortly with new changes, so they drop it. > >>>> > >>> > >>> Upstream or FreeBSD maintainers? > >>> > >> > >> Openssl maintainers. > >> > > I.e. upstream. > > > They mean built-in one, dropped from openssl 1.1.0 and above. It is > still available as 3rd party at: > https://github.com/gost-engine/engineI.e. GOST will be available in openssl. Under BSD-like license. Can be this engine import in base system and enabled at time 1.1.0? And can be GOST enabled now?