[Unbound-users] Unbound 1.4.7 release
Paul Wouters
paul at xelerance.com
Tue Nov 9 15:37:46 UTC 2010
On Tue, 9 Nov 2010, lst_hoe02 at kwsoft.de wrote:
> Is GOST a supported cipher for DNSSEC or will it be some time in the future?
It's fully suported in the RFC's includig its algorithm number.
> As far as i can see it is only available in openssl 1.x or newer and for the
> next few years this will probably not be the standard on Unix. So most of us
> have to use "--disable-gost" anyway...
I have not yet packaged things up, but I assume there is detection in ./configure
for this.
Red Hat strips out all ECC related routines in openssl, so even on rhel/centos 6
there will be no gost if using the stock openssl package. I'm looking at seeing
if it is possible to add a sub package (openssl-gost) that just has the gost
engine, but that will require some time to see how compatible that is with the
"stripping" used in Red Hat.
Paul
More information about the Unbound-users
mailing list