Thursday, September 6, 2007

Strong encryption included with Solaris 10 09/07!

Yay! The day is finally here! A base version of the Solaris operating system now includes full strength crypto! The packages contained in the Encryption Kit are now included in Solaris 10 09/07 (aka Update 4) by default. This includes: SUNWcry, SUNWcryr and SUNWcryman. Now things like IPsec and OpenSSL will have access to full strength keys at installation time, and you'll no longer see weird errors coming from OpenSSL.


This was a simpler, and hackier, approach than what is being undertaken for Nevada/OpenSolaris. For Solaris 10 09/07, I "simply" got advice from legal that this is okay to include now, filed a package RTI requesting that the FCS versions of the Encryption Kit packages get included in the WOS (Wad of Stuff), and requested those packages to be freshbitted like everything else. These packages had problems with zones, and the like, that were never noticed by internal testers before - since they weren't included by default. Mary D. & Tony S. worked with the patch gatekeepers to get script patches integrated that would do the class action scripts required to fix those packaging errors.


Everything should be in tip top shape now! Enjoy!

2 comments:

  1. Hi Thorleif -
    I'm not an openssl expert, so I don't know the
    answer to your question, but I'll see if I can
    find out!
    Valerie

    ReplyDelete
  2. Thorleif -
    Are you referring to CR 6483054?
    ( http://bugs.opensolaris.org/view_bug.do?bug_id=6483054 )
    If yes... then, it is indeed fixed in S10u4!
    Valerie

    ReplyDelete