Project

General

Profile

Actions
Copy link

Bug #3125

closed

hifn on 2.1 breaks certain ciphers w/openssl

Added by Chris Buechler over 10 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Chris Buechler
Category:
Operating System
Target version:
-
Start date:
08/02/2013
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Need to gather some more details, but it appears having a hifn card in a 2.1 system completely breaks openssl. At least ACB doesn't function on 2.1 amd64 with a hifn card because of SSL failure that doesn't happen without the hifn. The Soekris VPN1411 specifically though it's probably not specific to that particular model. I have a couple of those here, will test when time permits to gather more info.

Actions
Copy link
 #1

Updated by Jim Pingle over 10 years ago

Probably not broken in general (or the GUI wouldn't work, nor would ssh) but it does have issues with some ciphers, as I found when adding the BEAST mitigation options.

See 30adceda1fffe160d18bdcbcaccb0da5de000fdf

If the server to which it connects had that set, I could see it failing.

Actions
Copy link
 #2

Updated by Chris Buechler over 10 years ago

  • Subject changed from hifn on 2.1 breaks openssl to hifn on 2.1 breaks certain ciphers w/openssl
Actions
Copy link
 #3

Updated by Chris Buechler over 10 years ago

  • Target version changed from 2.1 to 2.2

not really anything we can do here. will revisit.

Actions
Copy link
 #4

Updated by Jim Pingle almost 10 years ago

Testing this on 2.2 I am still unable to set lighttpd to use BEAST protection. I receive the same error as before, indicating a problem with the encryption. ACB does work on the same 2.2 installation, however, something else may have changed server side since the last test.

Actions
Copy link
 #5

Updated by Chris Buechler almost 10 years ago

Confirmed same on an ALIX with:

hifn0 mem 0xe00c0000-0xe00c0fff,0xe0100000-0xe0101fff,0xe0140000-0xe0147fff irq 9 at device 12.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>
Actions
Copy link
 #6

Updated by Jim Thompson almost 10 years ago

  • Target version changed from 2.2 to Future

I'm not sure this is a bug we should attempt to fix in 2.2. Marked as 'future'.

Actions
Copy link
 #7

Updated by Jim Thompson about 8 years ago

  • Assignee set to Chris Buechler

not sure that we shouldn't just close this. Assigned to cmb.

Actions
Copy link
 #8

Updated by Chris Buechler almost 8 years ago

  • Status changed from New to Closed
  • Target version deleted (Future)
  • Affected Version deleted (2.1)

not sure this is still an issue. if it is and anyone cares, report upstream to FreeBSD.

Actions
Copy link

Also available in: Atom PDF