Thursday, September 6, 2007

Strong encryption included with Solaris 10 09/07!

Yay! The day is finally here! A base version of the Solaris operating system now includes full strength crypto! The packages contained in the Encryption Kit are now included in Solaris 10 09/07 (aka Update 4) by default. This includes: SUNWcry, SUNWcryr and SUNWcryman. Now things like IPsec and OpenSSL will have access to full strength keys at installation time, and you'll no longer see weird errors coming from OpenSSL.

This was a simpler, and hackier, approach than what is being undertaken for Nevada/OpenSolaris. For Solaris 10 09/07, I "simply" got advice from legal that this is okay to include now, filed a package RTI requesting that the FCS versions of the Encryption Kit packages get included in the WOS (Wad of Stuff), and requested those packages to be freshbitted like everything else. These packages had problems with zones, and the like, that were never noticed by internal testers before - since they weren't included by default. Mary D. & Tony S. worked with the patch gatekeepers to get script patches integrated that would do the class action scripts required to fix those packaging errors.

Everything should be in tip top shape now! Enjoy!


  1. Really great to read this! Is there openssl thread support in Solaris 10 U4? We had problems to build pound loadbalancer ( ) with the Sun Solaris 10 openssl packages.

  2. Hi Thorleif -
    I'm not an openssl expert, so I don't know the
    answer to your question, but I'll see if I can
    find out!

  3. Thorleif -
    Are you referring to CR 6483054?
    ( )
    If yes... then, it is indeed fixed in S10u4!