Bug #3125
closed
hifn on 2.1 breaks certain ciphers w/openssl
Added by Chris Buechler almost 11 years ago.
Updated almost 8 years ago.
Category:
Operating System
Description
Need to gather some more details, but it appears having a hifn card in a 2.1 system completely breaks openssl. At least ACB doesn't function on 2.1 amd64 with a hifn card because of SSL failure that doesn't happen without the hifn. The Soekris VPN1411 specifically though it's probably not specific to that particular model. I have a couple of those here, will test when time permits to gather more info.
Probably not broken in general (or the GUI wouldn't work, nor would ssh) but it does have issues with some ciphers, as I found when adding the BEAST mitigation options.
See 30adceda1fffe160d18bdcbcaccb0da5de000fdf
If the server to which it connects had that set, I could see it failing.
- Subject changed from hifn on 2.1 breaks openssl to hifn on 2.1 breaks certain ciphers w/openssl
- Target version changed from 2.1 to 2.2
not really anything we can do here. will revisit.
Testing this on 2.2 I am still unable to set lighttpd to use BEAST protection. I receive the same error as before, indicating a problem with the encryption. ACB does work on the same 2.2 installation, however, something else may have changed server side since the last test.
Confirmed same on an ALIX with:
hifn0 mem 0xe00c0000-0xe00c0fff,0xe0100000-0xe0101fff,0xe0140000-0xe0147fff irq 9 at device 12.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>
- Target version changed from 2.2 to Future
I'm not sure this is a bug we should attempt to fix in 2.2. Marked as 'future'.
- Assignee set to Chris Buechler
not sure that we shouldn't just close this. Assigned to cmb.
- Status changed from New to Closed
- Target version deleted (
Future)
- Affected Version deleted (
2.1)
not sure this is still an issue. if it is and anyone cares, report upstream to FreeBSD.
Also available in: Atom
PDF