Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Jordan Brown
On 1/4/2019 1:04 PM, Michael Wojcik wrote:
> Behavior is unfortunate if open fails, e.g. because the NFILES limit is
> reached, or because /dev/null is inaccessible (e.g. due to a
> poorly-configured chroot). You'd be better off with (fd >= 0 && fd < 3).
Yes. Oops.
-- Jordan Brown, Oracle

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Dr. Matthias St. Pierre
I agree with Kurt, except for one point:
> The RAND_bytes and RAND_status manpages can clearly be improved.
Both manpages got an update during the DRBG rewrite (by me) and I don't see any contradiction. You bring it to the point yourself:
> So _IF_ it is seeded it is seeded...
It is true

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Dr Paul Dale
I know that iOS (which was listed) has a good randomness source (SecRandomCopyBytes) but I don’t think OpenSSL uses it yet. I’m not sure about the quality of Android’s sources, but would expect them to be decent.

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Jordan Brown
> Sent: Friday, January 04, 2019 13:16
> If you want to, what you want is something like:
> int fd;
> do {
>     fd = open("/dev/null", O_RDWR);
> } while (fd < 3);
>

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Jordan Brown
On 1/4/2019 9:15 AM, Salz, Rich via openssl-users wrote:
> Jakob - you’re a star! Thanks so much, your suggestion works. So I added
> ...
> I’m wondering if this would be something worthy of attention in openssl?
>
> Maybe open an issue to catch this. Seems like the apps could

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Kurt Roeckx
On Fri, Jan 04, 2019 at 02:48:48PM +0100, Steffen Nurpmeso wrote:
> Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\
> ncp.local>:
> |> So my concerns are:
> |> 1. Whether I really can count on getting a high-entropy PRNG across \
> |> these various platforms, without

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Jakob Bohm via openssl-users
On 04/01/2019 18:15, Salz, Rich wrote: Jakob - you’re a star! Thanks so much, your suggestion works. So I added Maybe open an issue to catch this. Seems like the apps could check and redirect to /dev/null if the FD isn't valid. Perhaps it is simpler to just accept invalid

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread open...@foocrypt.net
Just a thought … Do you get the same error when running the command from within a shell script from cron [ in either bash or Korn or one of the other sh’s ] or by executing the shell script from the command line ? What are your default environment settings and shell for the user you are

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Salz, Rich via openssl-users
Jakob - you’re a star! Thanks so much, your suggestion works. So I added

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Steffen Nurpmeso
Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\
ncp.local>:
|> So my concerns are:
|> 1. Whether I really can count on getting a high-entropy PRNG across \
|> these various platforms, without any explicit initialization.
|
|Yes, for the mentioned platforms, the

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Dr. Matthias St. Pierre
> So my concerns are:
> 1. Whether I really can count on getting a high-entropy PRNG across these
> various platforms, without any explicit initialization.
Yes, for the mentioned platforms, the default configuration is `--with-rand-seed=os`, which means the DRBG automatically seeds and reseeds

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Neil Craig
Actually, my apologies, I missed -ign_eof - that is also needed, so the “fixed” request is:
/path/to/openssl s_client -connect :443 -servername -tls1_3 -sess_out -ign_eof
https://twitter.com/tdp_org
On 04/01/2019, 10:58, "Neil Craig" wrote:
>Sorry for the delay.
>
>Jakob - you’re a star!

Re: [openssl-users] Session params output fails via cron

2019-01-04 Thread Neil Craig
Sorry for the delay. Jakob - you’re a star! Thanks so much, your suggestion works. So I added :443 -servername -tls1_3 -sess_out
https://twitter.com/tdp_org
On 03/01/2019, 14:52, "openssl-users on behalf of Jakob Bohm via openssl-users" wrote:
>On 03/01/2019 12:52, Neil Craig wrote:
>>