Crypto failure Issues

Mon Jul 27 14:33:51 UTC 2015

I am using a prebuilt binary will give compiling it myself a try and see what that yields.

Larry Stewart, CISSP
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart.ctr at mail.mil

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Ted Mittelstaedt
Sent: Friday, July 24, 2015 12:28 PM
To: bind-users at lists.isc.org
Subject: Re: Crypto failure Issues

Did you compile both openssl and bind or are you using a prebuilt binary?

There are (apparently) problems with OpenSSL 1.0.2 on the 32 bit Solaris
10 platform.  This was discussed on the openssl-users mailing list
a few months ago.  The "fix" was building with an openssl 1.0.1
version on that platform.  I would try that myself.

Ted

On 7/24/2015 10:31 AM, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> All
>
> It occurred to me that you may need more info to assist me the logs show the following:
>
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] starting BIND 9.10.2-P2 -t /nithr -u nithr -d 2 -f
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] built with '--prefix=/' '--with-openssl=/usr/local/ssl' '--enable-threads' 'CC=/usr/sfw/bin/gcc'
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ----------------------------------------------------
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] BIND 9 is maintained by Internet Systems Consortium,
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] Inc. (ISC), a non-profit 501(c)(3) public-benefit
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] corporation.  Support and training for BIND 9 are
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] available at https://www.isc.org/support
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ----------------------------------------------------
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure)
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] initializing DST: crypto failure
> Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] exiting (due to fatal error)
>
>
> As you can see I am running named in a chroot jail. I compile it the same as when I am using the older version of openssl. Looking on line this issue seems to have raised its head with the release of openssl 1.0.0, but I have yet to discover a solution on line.
>
> Larry Stewart, CISSP
> Contractor - ManTech
> Network Engineer
> Office: 520-538-4227
> DSN: 879-4227
> Cell phone: 520-227-8251
> larry.c.stewart.ctr at mail.mil
>
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Stewart, Larry C Sr CTR DISA JITC (US)
> Sent: Friday, July 24, 2015 9:22 AM
> To: bind-users at lists.isc.org
> Subject: Crypto failure Issues
>
> I am having issues with bind failing to start due to a crypto failure when I compile with the --with-openssl option when I have openssl version 1.0.2d or 1.0.2c
>
> Is anyone aware of any compatibility issues between bind and openssl version 1.0.2? I have no issues when I use openssl version 0.9.8zf.
>
> My system is a Solaris 10 x86 OS
>
> Larry Stewart, CISSP
> Contractor - ManTech
> Network Engineer
> Office: 520-538-4227
> DSN: 879-4227
> Cell phone: 520-227-8251
> larry.c.stewart.ctr at mail.mil
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5605 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150727/aa743691/attachment.bin>