Bug #3125
closedhifn on 2.1 breaks certain ciphers w/openssl
0%
Description
Need to gather some more details, but it appears having a hifn card in a 2.1 system completely breaks openssl. At least ACB doesn't function on 2.1 amd64 with a hifn card because of SSL failure that doesn't happen without the hifn. The Soekris VPN1411 specifically though it's probably not specific to that particular model. I have a couple of those here, will test when time permits to gather more info.
Updated by Jim Pingle over 10 years ago
Probably not broken in general (or the GUI wouldn't work, nor would ssh) but it does have issues with some ciphers, as I found when adding the BEAST mitigation options.
See 30adceda1fffe160d18bdcbcaccb0da5de000fdf
If the server to which it connects had that set, I could see it failing.
Updated by Chris Buechler over 10 years ago
- Subject changed from hifn on 2.1 breaks openssl to hifn on 2.1 breaks certain ciphers w/openssl
Updated by Chris Buechler over 10 years ago
- Target version changed from 2.1 to 2.2
not really anything we can do here. will revisit.
Updated by Jim Pingle almost 10 years ago
Testing this on 2.2 I am still unable to set lighttpd to use BEAST protection. I receive the same error as before, indicating a problem with the encryption. ACB does work on the same 2.2 installation, however, something else may have changed server side since the last test.
Updated by Chris Buechler almost 10 years ago
Confirmed same on an ALIX with:
hifn0 mem 0xe00c0000-0xe00c0fff,0xe0100000-0xe0101fff,0xe0140000-0xe0147fff irq 9 at device 12.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>
Updated by Jim Thompson almost 10 years ago
- Target version changed from 2.2 to Future
I'm not sure this is a bug we should attempt to fix in 2.2. Marked as 'future'.
Updated by Jim Thompson about 8 years ago
- Assignee set to Chris Buechler
not sure that we shouldn't just close this. Assigned to cmb.
Updated by Chris Buechler almost 8 years ago
- Status changed from New to Closed
- Target version deleted (
Future) - Affected Version deleted (
2.1)
not sure this is still an issue. if it is and anyone cares, report upstream to FreeBSD.