[33090] in Kerberos
Re: Kerberos 1.9, can it be compiled to use OpenSSL .9.8 (FIPS140-2)?
daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Jan 11 18:03:51 2011
To: wollman@bimajority.org (Garrett Wollman)
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 11 Jan 2011 18:03:45 -0500
In-Reply-To: <igiijo$1vu3$2@grapevine.csail.mit.edu> (Garrett Wollman's
message of "Tue, 11 Jan 2011 21:38:01 +0000 (UTC)")
Message-ID: <ldvaaj7avqm.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
wollman@bimajority.org (Garrett Wollman) writes:
> In article <mailman.4.1294780153.4933.kerberos@mit.edu>,
> Tom Yu <tlyu@MIT.EDU> wrote:
>>It's a known issue due to the use of the CTS mode API that is only
>>present in OpenSSL >=1.0:
>>
>> http://krbdev.mit.edu/rt/Ticket/Display.html?id=6747&user=guest&pass=guest
>
> Just to make sure that I understand correctly: 1.8 and earlier
> implemented CTS mode internally, and this code was ripped out in 1.9
> in favor of the implementation in OpenSSL 1.0?
No. The krb5-1.8 code has the same limitation of requiring the
OpenSSL >= 1.0 implementation of CTS mode.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
