# [SOLVED] OpenSSL elliptic curves

## litan

Hello,

I have currently set the bindist USE flag for my OpenSSL installation,

this flag disables elliptic curve cryptography, because of patents, so I disabled

the flag and tried to re-emerge, but emerge wants to pull in a new slot instead:

```
# emerge openssl

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild  NS    ] dev-libs/openssl-0.9.8z_p2:0.9.8 [1.0.1i:0] USE="(sse2) zlib -bindist -gmp -kerberos {-test}" ABI_X86="(64) (-32) (-x32)" 0 kB

Total: 1 package (1 in new slot), Size of downloads: 0 kB

```

Now, even if I knew how to use this other version, the show-stopper is that elliptic curve key exchange was added in OpenSSL 1.x.

What  are my options?Last edited by litan on Wed Sep 03, 2014 8:30 am; edited 1 time in total

----------

## chithanh

bindist flags on openssl in slot 0 and openssh must match.

```
# emerge -pv openssl:0 openssh
```

----------

## litan

Thanks chithanh, that works.

I removed the bindist flag from openssh in /etc/portage/package.use:

```
dev-libs/openssl -tls-heartbeat -bindist

net-misc/openssh -bindist
```

```
# emerge -pv openssl:0 openssh

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R    ] dev-libs/openssl-1.0.1i  USE="(sse2) zlib -bindist* -gmp -kerberos -rfc3779 -static-libs {-test} -tls-heartbeat -vanilla" ABI_X86="(64) (-32) (-x32)" 0 kB

[ebuild   R    ] net-misc/openssh-6.6_p1-r1  USE="hpn pam tcpd -X -X509 -bindist* -kerberos -ldap -ldns -libedit (-selinux) -skey -static" 1,273 kB

Total: 2 packages (2 reinstalls), Size of downloads: 1,273 kB

```

Before:

```
$ openssl ciphers -v 'ECDHE-RSA-AES256-GCM-SHA384'

Error in cipher list

139909532599952:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
```

After:

```
$ openssl ciphers -v 'ECDHE-RSA-AES256-GCM-SHA384'

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
```

After recompiling apache, it also supports the new suites.

----------

