Crypto failure Issues

Ted Mittelstaedt tedm at ipinc.net
Fri Jul 24 19:28:02 UTC 2015


Did you compile both openssl and bind or are you using a prebuilt binary?

There are (apparently) problems with OpenSSL 1.0.2 on the 32-bit Solaris
10 platform.  This was discussed on the openssl-users mailing list
a few months ago.  The "fix" was building with an openssl 1.0.1
version on that platform.  I would try that myself.

Ted

On 7/24/2015 10:31 AM, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> All
>
> It occurred to me that you may need more info to assist me. The logs show the following:
>
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] starting BIND 9.10.2-P2 -t /nithr -u nithr -d 2 -f
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] built with '--prefix=/' '--with-openssl=/usr/local/ssl' '--enable-threads' 'CC=/usr/sfw/bin/gcc'
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ----------------------------------------------------
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] BIND 9 is maintained by Internet Systems Consortium,
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] Inc. (ISC), a non-profit 501(c)(3) public-benefit
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] corporation.  Support and training for BIND 9 are
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] available at https://www.isc.org/support
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ----------------------------------------------------
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure)
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] initializing DST: crypto failure
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] exiting (due to fatal error)
>
>
> As you can see, I am running named in a chroot jail. I compile it the same as when I am using the older version of openssl. Looking online, this issue seems to have raised its head with the release of openssl 1.0.0, but I have yet to discover a solution online.
>
> Larry Stewart, CISSP
> Contractor - ManTech
> Network Engineer
> Office: 520-538-4227
> DSN: 879-4227
> Cell phone: 520-227-8251
> larry.c.stewart.ctr at mail.mil
>
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Stewart, Larry C Sr CTR DISA JITC (US)
> Sent: Friday, July 24, 2015 9:22 AM
> To: bind-users at lists.isc.org
> Subject: Crypto failure Issues
>
> I am having issues with bind failing to start due to a crypto failure when I compile with the --with-openssl option when I have openssl version 1.0.2d or 1.0.2c.
>
> Is anyone aware of any compatibility issues between bind and openssl version 1.0.2? I have no issues when I use openssl version 0.9.8zf.
>
> My system is a Solaris 10 x86 OS.
>
> Larry Stewart, CISSP
> Contractor - ManTech
> Network Engineer
> Office: 520-538-4227
> DSN: 879-4227
> Cell phone: 520-227-8251
> larry.c.stewart.ctr at mail.mil
>
>
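
An added example, not part of either message and not BIND's own code: a small Python triage over Solaris-format syslog lines like the ones quoted above. It pulls out the BIND version, the chroot directory, the OpenSSL prefix from the "built with" line, and whether DST initialization failed. The function name `triage` and the report keys are assumptions made for illustration; the sample lines are copied from the quoted log.

```python
import re
import shlex

# Solaris syslog: "Mon DD HH:MM:SS host named[pid]: [ID n facility.level] msg"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\snamed\[\d+\]:\s"
    r"\[ID\s\d+\s\w+\.(?P<level>\w+)\]\s(?P<msg>.*)$"
)

# Lines copied from the quoted log above (ISC banner lines left out).
SAMPLE = """\
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] starting BIND 9.10.2-P2 -t /nithr -u nithr -d 2 -f
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] built with '--prefix=/' '--with-openssl=/usr/local/ssl' '--enable-threads' 'CC=/usr/sfw/bin/gcc'
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure)
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] initializing DST: crypto failure
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] exiting (due to fatal error)
"""


def triage(text):
    """Summarise one named startup attempt from syslog text (hypothetical helper)."""
    report = {"version": None, "chroot": None, "openssl_prefix": None,
              "problems": [], "dst_init_failed": False, "fatal": False}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").rstrip())  # tolerate e-mail quoting
        if not m:
            continue
        level, msg = m["level"], m["msg"]
        if msg.startswith("starting BIND "):
            args = msg.split()
            report["version"] = args[2]
            if "-t" in args[3:-1]:  # -t <dir> is the chroot directory
                report["chroot"] = args[args.index("-t", 3) + 1]
        elif msg.startswith("built with "):
            for opt in shlex.split(msg[len("built with "):]):
                if opt.startswith("--with-openssl="):
                    report["openssl_prefix"] = opt.split("=", 1)[1]
        elif level in ("warning", "err", "crit", "alert", "emerg"):
            report["problems"].append((level, msg))
            report["dst_init_failed"] |= msg.startswith("initializing DST:")
            report["fatal"] |= msg == "exiting (due to fatal error)"
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The report puts the OpenSSL prefix the binary was built against next to the failure, which is the first thing to compare against the library actually installed on the host.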

