Secure Sockets and Transport Layer Security
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
- Developed at security:tls
- Sources inherited from project openSUSE:Factory
-
7
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP4:SLECandidates/openssl && cd $_ - Create Badge
Refresh
Refresh
Source Files
Revision 114 (latest revision is 171)
Stephan Kulow (coolo)
accepted
request 231108
from
Shawn Chang (shawn2012)
(revision 114)
- Build everything with full RELRO (-Wl,-z,relro,-z,now) - Remove -fstack-protector from the hardcoded build options it is already in RPM_OPT_FLAGS and is replaced by -fstack-protector-strong with gcc 4.9 - Remove the "gmp" and "capi" shared engines, nobody noticed but they are just dummies that do nothing. - Use enable-rfc3779 to allow projects such as rpki.net to work in openSUSE and match the functionality available in Debian/Fedora/etc - openssl-buffreelistbug-aka-CVE-2010-5298.patch fix CVE-2010-5298 and disable the internal BUF_FREELISTS functionality. it hides bugs like heartbleed and is there only for systems on which malloc() free() are slow. - ensure we export MALLOC_CHECK and PERTURB during the test suite, now that the freelist functionality is disabled it will help to catch bugs before they hit users. - openssl-libssl-noweakciphers.patch do not offer "export" or "low" quality ciphers by default. using such ciphers is not forbidden but requires an explicit request - openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does not return memory of "num * old_num" but only "num" size fortunately this function is currently unused. (forwarded request 230868 from elvigia)
Comments 10
Can anyone explain, openssl-1.0.2i-new-fips-reqs.patch is for what and which code based ? I'm unable to map to any code base either openssl-1.0.2i nor openssl-fips which found in https://www.openssl.org/
It is from a seperate FIPS patchset which we used for FIPS certification of openssl in SLES 12 and SLES 12 SP2.
Can i get the source copy of it ?
check out these sources: SUSE:SLE-12-SP2:Update openssl
I'm sorry, couldn't able to locate the exact link. If you don't mind can you help me to point the link ?
https://build.opensuse.org/package/show/SUSE:SLE-12:Update/openssl
Thanks a lot. anyway i can't find openssl-1.0.2i-new-fips-reqs.patch in this path of any updation. I think it's been deleted, prior to this can find openssl-1.0.1i-new-fips-reqs.patch.
make that https://build.opensuse.org/package/show/SUSE:SLE-12-SP2:Update/openssl
Thank you, got it. Basically the New requirements of FIPS 140-2 RSA/DSA were adopted from Red Hat Inc right ?
The patchset is largely from Redhat, we did some small adaptions to even stricter FIPS requirements but I do not recall the details.