OpenSSL problem: bind98-base FreeBSD port
Mark Andrews
marka at isc.org
Mon Jul 9 00:43:02 UTC 2012
In message <6A477852-8C67-421A-850C-7144A37B8448 at conundrum.com>, Matthew Pounse
tt writes:
>
> On 2012/07/08, at 20:29, Matthew Pounsett wrote:
>
> >=20
> > On 2012/07/08, at 20:26, Mark Andrews wrote:
> >=20
> >>=20
> >> One can also build named w/o GOST support if one wants. We =
> statically
> >> link all the engines when building named on Windows.
> >=20
> > Unfortunately the port doesn't provide the config hooks to disable =
> GOST support.
>
> Actually.. how do you go about doing that anyway? I was just taking a =
> look at writing a patch for the port to allow GOST to be turned off, but =
> BIND's configure script doesn't have any information in it about =
> disabling individual ciphers.
All the other ciphers are built into OpenSSL so they don't need configure
options.
./configure --with-gost=no
One can disable individual DNSSEC key algorithms at runtime via named.conf.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list