Re: [openssl-users] How to use RSA certificate and ECC certificate simultaneously

2018-11-22 Thread
Hi Viktor, >Do you then add chain certificates one by one? Yes, and SSL_CTX_use_certificate() also works in multiple certificate types on 1.0.2. Many thanks, Jane At 2018-11-22 01:24:06, "Viktor Dukhovni" wrote: >> On Nov 21, 2018, at 3:11 AM, 毛 wrote: >> >> We are using

[openssl-users] Openssl speed command for AESGCM

2018-11-22 Thread ASHIQUE CK
Hi, Does OpenSSL have a speed command for AESGCM?

Re: [openssl-users] OpenSSL 1.0.2: CVE-2018-0735

2018-11-22 Thread Kurt Roeckx
On Tue, Nov 06, 2018 at 04:19:36PM -0600, Misaki Miyashita wrote: > Hi, > > According to the vulnerabilities website[1], OpenSSL 1.1.i and earlier and > 1.1.1 are affected by CVE-2018-0735. > Is it safe to assume that OpenSSL 1.0.2 is not affected by the CVE? My understanding is that the code

Re: [openssl-users] Problem with x509_verify_certificate

2018-11-22 Thread Ken
Hi Viktor, It looks like FreeRDP was not setting a purpose when checking the certificate, causing this issue. I added: X509_STORE_CTX_set_default(csc, "ssl_server"); before the call to if (X509_verify_cert(csc) == 1) and this seems to make it work. I don't know if this is a "good" way to

Re: [openssl-users] renegotiation expected to fail when trust configuration has changed.

2018-11-22 Thread Matt Caswell
On 22/11/2018 15:58, Pfluegl, Andreas wrote: > > I expect server_parse_cb() returning 0 to cause the interruption of the > connection. > > Can you confirm this? Yes. According to the docs: "If the B considers the extension data acceptable it must return 1. If it returns 0 or a negative

[openssl-users] renegotiation expected to fail when trust configuration has changed.

2018-11-22 Thread Pfluegl, Andreas
Hi, We have a C++ client application and a C++ server application using OpenSSL 1.1.0f to encrypt the TCP/IP communication. We enforce mutual authentication (also the server requests certificates from the clients and verifies if they are issued by a CA it trusts). We are able to update

Re: [openssl-users] OpenSSL - Session Resumption on an On-going Connection

2018-11-22 Thread Matt Caswell
On 22/11/2018 11:15, Filipe Fernandes wrote: >>   You seem to be confused, and have not explained your requirements >>   clearly.  What is your *goal*? > > My goal is to have the Openssl to "perform the TLS Resumption (initiated by > the > Hello Request message from the server or > the Client

Re: [openssl-users] OpenSSL - Session Resumption on an On-going Connection

2018-11-22 Thread Filipe Fernandes
> I thought you wanted renegotiation, not resumption, servers can't > do "resumption", because resumption is what you do to avoid a full > handshake on a *new* connection, and only the client can reconnect. Ok. Agreed. > You seem to be confused, and have not explained your requirements >