[33091] in Kerberos
Re: Kerberos 1.9, can it be compiled to use OpenSSL .9.8 (FIPS140-2)?
daemon@ATHENA.MIT.EDU (Garrett Wollman)
Tue Jan 11 18:49:37 2011
From: wollman@bimajority.org (Garrett Wollman)
Date: Tue, 11 Jan 2011 23:30:23 +0000 (UTC)
Message-ID: <igip6f$28iv$1@grapevine.csail.mit.edu>
X-Complaints-To: security@csail.mit.edu
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
In article <mailman.6.1294787028.4933.kerberos@mit.edu>,
Tom Yu <tlyu@MIT.EDU> wrote:
>> Just to make sure that I understand correctly: 1.8 and earlier
>> implemented CTS mode internally, and this code was ripped out in 1.9
>> in favor of the implementation in OpenSSL 1.0?
>
>No. The krb5-1.8 code has the same limitation of requiring the
>OpenSSL >= 1.0 implementation of CTS mode.
OK, I think I understand. This only matters if you configure with
--with-crypto-impl=openssl, right?
-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wollman@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
