From b66fa5da25c4b5b67cf9f0ce7af513f5a6a6a686 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 9 Dec 2019 17:23:22 +1100 Subject: [PATCH] Recommend running LibreSSL or OpenSSL self-tests. --- INSTALL | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/INSTALL b/INSTALL index 46fc9e98a..5057dc287 100644 --- a/INSTALL +++ b/INSTALL @@ -31,6 +31,10 @@ If you must use a non-position-independent libcrypto, then you may need to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to 1.1.0g can't be used. +If you build either from source, running the OpenSSL self-test ("make +tests") or the LibreSSL equivalent ("make check") and ensuring that all +tests pass is strongly recommended. + NB. If you operating system supports /dev/random, you should configure libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's direct support of /dev/random, or failing that, either prngd or egd.