OpenSSL 1.0.1-chacha

A Windows 64-bit binary build from the 1.0.1 branch of OpenSSL (OpenSSL_1_0_1-stable), including (assembly code for) ChaCha20, Poly1305, J-PAKE, NIST P-224, NIST P-256 and the relatively unsafe ciphers MD2 and RC5 and broken protocol SSLv2. All available engines are provided as separate DLLs.
If you're using this in a production environment, don't forget to explicitly enable only ciphers that are considered safe.
The code for this build can be found at https://github.com/PeterMosmans/openssl/tree/1.0.1-chacha
Example openssl.cnf cipher string:
`` HIGH:!SSLv2:!IDEA:!RC4:!MD5:!ADH:!aNULL:!eNULL``

Build commands:

  • Configure mingw64 shared experimental-jpake enable-md2 enable-rc5 enable-rfc3779 enable-ec_nistp_64_gcc_128 enable-static-engine --openssldir=c\:/programs/openssl -DOPENSSL_NO_HEARTBEATS
  • make depend
  • make util/libeay.num
  • make util/ssleay.num
  • make
  • make report (all tests passed)
http://www.onwebsecurity.com/files/1.0.1-chacha-latest.zip
md5sum: d890de1ab4eba13c7d39139c5726144f

Compiler used:

  • gcc version 4.9.0 (x86_64-posix-seh-rev1, Built by MinGW-W64 project)
more ...

OpenSSL 1.0.2 (10-06-2014)

Note: see http://www.onwebsecurity.com/cryptography/openssl for the latest binary. The version below is obsoleted by newer builds

A Windows 64-bit binary build from a 10-06-2014 snapshot of the official 1.0.2 branch (OpenSSL_1_0_2_stable). This means that 'the latest OpenSSL vulnerabilities' that were disclosed on June 5th 2014 are fixed - see https://www.openssl.org/news/secadv_20140605.txt for more information.
I applied some minor patches for Windows compatibility and changed the version string.

Build commands:

Configure mingw64 shared experimental-jpake enable-md2 enable-rc5 \
enable-rfc3779 enable-ssl-trace enable-ec_nistp_64_gcc_128 \
enable-static-engine --openssldir=c:/tools -DOPENSSL_NO_HEARTBEATS \
-mtune=native
make depend
make util/libeay.num
make util/ssleay.num
make
make report

Compiler used:

  • gcc version 4.9.0 (x86_64-posix-seh-rev1, Built by MinGW-W64 project)
more ...

OpenSSL on 64 bit Windows with ChaCha and Poly1305 support

Note: see https://www.onwebsecurity.com/cryptography/openssl for the latest binary. The version below is obsoleted by newer builds

The main development branch of OpenSSL doesn't have support yet for the (relatively new) ChaCha 20 and Poly1305 ciphers. These can be found however on the 1.0.2-aead branch.

By slightly modifying some makefiles the source can be compiled for 64-bit Windows using mingw64 and msys.

Please find a binary build from a 27-05-2014 snapshot of the source code (1.0.2-aead branch) with assembly code enabled (imported from the 1.0.2 stable branch), and a lot of insecure, new and experimental ciphers enabled. I added the GOST engine gosteay32.dll as well.

The source code for this build can be found at https://github.com/PeterMosmans/openssl

Build commands:

  • Configure mingw64 shared experimental-jpake enable-md2 enable-rc5 enable-rfc3779 enable-ssl-trace enable-ec_nistp_64_gcc_128 enable-static-engine --openssldir=c:/tools
  • make depend
  • make util/libeay.num
  • make util/ssleay.num
  • make
  • make test

Enabled ciphers:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA
  • ECDHE-ECDSA-AES256-SHA
  • SRP-DSS-AES-256-CBC-SHA
  • SRP-RSA-AES-256-CBC-SHA
  • DH-DSS-AES256-GCM-SHA384
  • DHE-DSS-AES256-GCM-SHA384
  • DH-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-SHA256
  • DHE-DSS-AES256-SHA256
  • DH-RSA-AES256-SHA256
  • DH-DSS-AES256-SHA256
  • DHE-RSA-AES256-SHA
  • DHE-DSS-AES256-SHA
  • DH-RSA-AES256-SHA
  • DH-DSS-AES256-SHA
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • DHE-RSA-CHACHA20-POLY1305
  • DHE-RSA-CAMELLIA256-SHA
  • DHE-DSS-CAMELLIA256-SHA
  • DH-RSA-CAMELLIA256-SHA
  • DH-DSS-CAMELLIA256-SHA
  • GOST2001-GOST89-GOST89
  • GOST94-GOST89-GOST89
  • AECDH-AES256-SHA
  • SRP-AES-256-CBC-SHA
  • ADH-AES256-GCM-SHA384
  • ADH-AES256-SHA256
  • ADH-AES256-SHA
  • ADH-CAMELLIA256-SHA
  • ECDH-RSA-AES256-GCM-SHA384
  • ECDH-ECDSA-AES256-GCM-SHA384
  • ECDH-RSA-AES256-SHA384
  • ECDH-ECDSA-AES256-SHA384
  • ECDH-RSA-AES256-SHA …
more ...