Crypto failure Issues

Tony Finch dot at dotat.at
Mon Jul 27 15:26:31 UTC 2015


Stewart, Larry C Sr CTR DISA JITC (US) <larry.c.stewart.ctr at mail.mil> wrote:

> I am having issues with bind failing to start due to a crypto failure
> when I compile with the --with-openssl option when I have openssl
> version 1.0.2d or 1.0.2c
>
> Is anyone aware of any compatibility issues between bind and openssl
> version 1.0.2? I have no issues when I use openssl version 0.9.8zf.

This sounds like the GOST problem. Try building BIND with
./configure --without-gost or copy the OpenSSL GOST engine shared object
into your chroot.

e.g. https://lists.isc.org/pipermail/bind-users/2014-June/093450.html
http://gnats.netbsd.org/48658

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Tyne, Dogger, Fisher: Northeast 5 or 6 backing north 4 or 5, but cyclonic at
first in Dogger. Moderate. Rain or showers. Moderate or good.


More information about the bind-users mailing list