This includes following changes,
- Updated asm files for each platforms which are required in
openssl-1.0.2a.
- Some perl files need CC and ASM envs. Added a check if these envs
exist. Followed asm files are to be generated with CC=gcc and
ASM=nasm on Linux. See
`deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl`
- Added new 32bit targets/rules with a sse2 flag (OPENSSL_IA32_SSE2)
to generate asm for use SSE2.
- Generating sha512 asm files in x86_64 need output filename which
has 512. Added new rules so as not to use stdout for outputs.
- PERLASM_SCHEME of linux-armv4 is `void` as defined in openssl
Configure. Changed its target/rule and all directories are moved from
arm-elf-gas to arm-void-gas.
deps: add arm64 support in openssl/asm/Makefile
Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
After much investigation it turns out that the affected servers are
buggy. user-service.condenastdigital.com:443 in particular seems to
reject large TLS handshake records. Cutting down the number of
advertised ciphers or disabling SNI fixes the issue.
Similarly, passing { secureOptions: constants.SSL_OP_NO_TLSv1_2 }
seems to fix most connection issues with IIS servers.
Having to work around buggy servers is annoying for our users but not
a reason to downgrade OpenSSL. Therefore, revert it.
This reverts commit 4fdb8acdae.
This commit undoes the downgrade from OpenSSL v1.0.1e to v1.0.0f,
effectively upgrading OpenSSL to v1.0.1e again. The reason for the
downgrade was to work around compatibility issues with certain TLS
servers in the stable branch. See the commit log of 4fdb8ac and the
linked issue for details. We're going to revisit that in the master
branch.
This reverts commit 4fdb8acdae.
Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.
Fixes#5360 (and others).