这是openssl-1.0.1h.tar.gz下载(zǎi),openssh从6.5版(bǎn)本开始,使(shǐ)用openssl 源码编译的时(shí)候,必须(xū)使(shǐ)用动态库(在openssh 6.4之前(qián)的版(bǎn)本中(zhōng)没这种情况);一直没找到具体的说(shuō)明,但是经过无数(shù)次(cì)编译尝试,终(zhōng)于验证这种事实(shí)。
openssl-1.0.1h.tar.gz密码库的维护人员发(fā)布(bù)了一个高危安全漏(lòu)洞(dòng)的补丁(CVE-2016-2107),这个漏(lòu)洞可以让攻击(jī)者在web服务器上解密登录证(zhèng)书或(huò)者(zhě)执行恶意代码(mǎ)。
1.) configure: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***
2.) OpenSSL version mismatch.
3.) checking OpenSSL header version... not found
Windows command-line tool supports UTF-8 opt-in option for arguments and console input. Setting OPENSSL_WIN32_UTF8 environment variable (to any value) allows Windows user to access PKCS#12 file generated with Windows CryptoAPI and protected with non-ASCII password, as well as files generated under UTF-8 locale on Linux also protected with non-ASCII password. [Andy Polyakov]
To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites have been disabled by default and removed from DEFAULT, just like RC4. See the RC4 item below to re-enable both.[Rich Salz]
The method for finding the storage locations for the Windows RAND seed file has changed. First we check %RANDFILE%. If that is not set then we check the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If all else fails we fall back to C:\. [Matt Caswell]
The EVP_EncryptUpdate() function has had its return type changed from void to int. A return of 0 indicates and error while a return of 1 indicates success. [Matt Caswell]
