
On Saturday 2014-07-19 14:03, Carlos E. R. wrote:
On 2014-07-18 at 10:29 +0200, Jan Engelhardt wrote:
LibreSSL is a fork of OpenSSL which has been stripped of old, unused code and code for defunct/historic OSes.
Question: does it affect connectivity to older boxes?
Don't know. It is conceivable that it does affect it, because LibreSSL is based upon a recent OpenSSL version (1.0.1g). However, the reverse is also conceivable, because openSUSE patched its openssl to deactivate certain ciphers:
For instance, I had a router that simply does not accept ssh connections from openSUSE ssh, since an update made some time ago.
That may be because the two peers cannot agree on a hash and cipher. openSUSE openssl has two patches listed under the "FIPS" umbrella: [21]openssl-libssl-noweakciphers.patch: -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!LOW" [35]openssl-1.0.1e-add-suse-default-cipher.patch: -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!LOW" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" (so, the cipher group EXPORT, and the two ciphers RC2 and DES are excluded) which may contribute to your observations.
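
Review bot: in openssl-libssl-noweakciphers.patch the new `SSL_DEFAULT_CIPHER_LIST` value appends `!EXPORT:!LOW` with no comment beside the define saying why the default departs from the previous string. Because this is the compiled-in default, a short comment above the `#define` giving the reason and noting that peers offering only EXPORT or LOW suites will no longer negotiate with it would help whoever has to debug a failed handshake later.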
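
Review bot: the `+` line of openssl-1.0.1e-add-suse-default-cipher.patch drops `!LOW` and puts `!RC2:!DES` in its place, and nothing in the hunk shows that the two exclusions cover the same suites. If the intent is only to tighten the list, keep `!LOW` and append the new terms (`!EXPORT:!LOW:!RC2:!DES`); if `!LOW` is removed on purpose, the patch description should say so and name the suites that become available again.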