Maintained by: NLnet Labs

[Unbound-users] Unbound 1.4.7 release

Paul Wouters
Tue Nov 9 16:37:46 CET 2010


On Tue, 9 Nov 2010, lst_hoe02 at kwsoft.de wrote:

> Is GOST a supported cipher for DNSSEC or will it be some time in the future?

It's fully suported in the RFC's includig its algorithm number.

> As far as i can see it is only available in openssl 1.x or newer and for the 
> next few years this will probably not be the standard on Unix. So most of us 
> have to use "--disable-gost" anyway...

I have not yet packaged things up, but I assume there is detection in ./configure
for this.

Red Hat strips out all ECC related routines in openssl, so even on rhel/centos 6
there will be no gost if using the stock openssl package. I'm looking at seeing
if it is possible to add a sub package (openssl-gost) that just has the gost
engine, but that will require some time to see how compatible that is with the
"stripping" used in Red Hat.

Paul