[CentOS] Elliptic curve on Centos 6.x

Fri Jan 3 22:11:25 UTC 2014
David Benfell <benfell at parts-unknown.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 01/03/2014 03:36 AM, Adrian Sevcenco wrote:

IMHO underlying problem is not
> that a cipher/process/code was compromised but that the
> supervising _trustworthy_ entity is in fact not trustworthy at
> all!

It will be interesting to see how this plays out. I have enough
experience with government to know that there are indeed people who
really care about what they do and I'm inclined to accept that some of
them at NIST are indeed really, really upset about this.

But if I understood and am remembering correctly, NSA's involvement
was mandated by statute.

Back to a more technical point: If indeed the compromised algorithm is
*not* enabled in openssl (as a build option) by default, how would
apache be able to use it, even in rare instances, unless somebody
actually selected that option?

- -- 
David Benfell
see https://parts-unknown.org/node/2 if you don't understand the
attachment
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-ecc (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSxzWNAAoJEKrN0Ha7pkCOTxYP/2KXKJ3QYnC51baCNWqvZxG9
nvWmi3WR0Stm81suJDC46IV5yJMgqGPV1JGaXVAh9YliiRBqCDEEhKk87NYpbMfT
nGUaMARp1EOyW1r2WH7JbwAbX37jNnJg65bvxdS7UqSuwxCjjg29Tnah1ybSCV9k
jEPI8Ssccc9uVglUPzj1LJsIeSq2JysZicZHa3jgxhFC2erfqPmDxVVYYheCD6Mb
kZtVxJ+E5o/y+X0B1kgV2ZXYB0D7VlnOCKl6XxzY7t8qeDh4JMx4bFxXKEBAsUGt
pOX3siD/ferpbt3xkQyz9L8IutZWkTO3wwuJ9faM+fPYTPlqzTtA/xCEbDOz6rgZ
ZUcr2FNi+KLn0Yt4PxYFTseLHV1QMtztsozGweD0+90CDAkgeTphd15VLf+xttlw
JJ4jOP4kyUxq/lAJl16xzoyM9sttZnf1brBOaSqsc2nccX8k6dlbyHsRY/AfLtXb
/7499cGR1XdxVRt7LtvUG4XLLMh3CIGT1kv4txzldXJJhFvETlPpfbtAjumwh6pd
+qQWtewVxH0QVV5LX/lYV7RgquLMhM++nkMcMvB+wvyEUDAalRdeNYZ/zrWNw9cX
OT+OYZGRu5LDRDDjeKzDmyDhAGoLPDIw4qpxoH/6ypPzkm4glOS22gI/f38TtoJD
ojKtZnrYUVe/Po5QyH3c
=1h31
-----END PGP SIGNATURE-----