Loading
Feature Disruption - Service Cloud VoiceRead More
Feature degradation | Gmail Email delivery failureRead More
Marketing Cloud Engagement
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Build OpenSSL Version for Encryption Keys

            You are here:

            1. Salesforce Help
            2. Docs
            3. Marketing Cloud Engagement

            Build OpenSSL Version for Encryption Keys

            Marketing Cloud Engagement uses the OpenSSL software library to generate and wrap encryption keys. A patch is required to enable AES key wrapping on OpenSSL 1.1.1.

            1. Review the latest OpenSSL version.
              This example uses version 1.1.1, but enter the current version as necessary.
            2. To download and unzip the OpenSSL release to a local folder, open a command prompt and enter this command. 
              mkdir $HOME/build
mkdir -p $HOME/local/ssl
cd $HOME/build
curl -O https://openssl-library.org/source/openssl-1.1.1.tar.gz
tar -zxf openssl-1.1.1.tar.gz
            3. Enter this command to patch your local OpenSSL copy and enable the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW setting. 
              cat <<-EOF | patch -d $HOME/build/ -p0
diff -ur orig/openssl-1.1.1/apps/enc.c openssl-1.1.1/apps/enc.c
--- orig/openssl-1.1.1/apps/enc.c      2017-11-02 10:29:02.000000000 -0400
+++ openssl-1.1.1/apps/enc.c   2017-11-18 14:00:31.106304557 -0500
@@ -478,6 +478,7 @@
          */

         BIO_get_cipher_ctx(benc, &ctx);
+        EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

         if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
             BIO_printf(bio_err, "Error setting cipher %s\n",
EOF
            4. Enter this command to patch your local OpenSSL copy and enable the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW setting. This step is required only for OpenSSL 1.1.1. You aren’t required to patch if you’re using recommended OpenSSL 3.0 
              cd $HOME/build/openssl-1.1.1/
./config --prefix=$HOME/local --openssldir=$HOME/local/ssl
make -j$(grep -c ^processor /proc/cpuinfo)
make test
make install
            5. Enter this command to make sure the new OpenSSL binary installed correctly. If FAIL doesn’t appear as the test's output, the installation completed. 
              cd $HOME
test -x local/bin/openssl || echo FAIL
            6. Create an executable to make sure the custom OpenSSL implementation can reference the correct libraries. 
              cd $HOME/local/bin/
cat > ./openssl.sh <<-EOF
#!/bin/bash
env LD_LIBRARY_PATH=$HOME/local/lib/ $HOME/local/bin/openssl "\$@"
EOF
chmod 755 ./openssl.sh
            7. Start the custom OpenSSL implementation. 
              $HOME/local/bin/openssl.sh
            8. At the OpenSSL prompt, run this command to make sure you're using the correct patched version. 
              OpenSSL> version
OpenSSL 1.1.1  20 Nov 2018
OpenSSL> exit

            Any other parts of the normal OpenSSL installation are installed under $HOME/local/ssl/. For example, you can view man pages using the command env MANPATH=$HOME/local/share/man/ man openssl.

             
            Loading
            Salesforce Help | Article