RE: Openssl update
Read the file called README. Regards, jjf From: Harris, Steve D [mailto:steved.har...@fda.hhs.gov] Sent: Tuesday, July 09, 2013 3:26 PM To: openssl-users@openssl.org Subject: Openssl update How do you install openssl on AIX I have downloaded the latest I have unzip the file And tar command I have a directory with the data What do I do next Steve
Openssl update
How do you install openssl on AIX I have downloaded the latest I have unzip the file And tar command I have a directory with the data What do I do next Steve
RAND_poll performance issue in Windows
Hi, Not sure whether this query belongs in users or the dev group, so sending to both. We have a windows client application where we use Open SSL (1.0.1e) for some encryption as well as for SSL support. This application will run on Windows XP and above. There is a key requirement that this application should launch in 2 seconds. We have been able to bring to little over 3 seconds and based on profiling results we have no other hot spot over 300ms except for RAND_poll in Open SSL which takes about 1 second. I have gone through the history of how this function is used for generating the seed value of sufficient entropy by taking bytes of data from various sources like heap lists, thread, process and others. I have also gone though the history of performance issues due to heap walking under windows and how they are addressed by putting a timeout on the loops for each of the loops collecting the bytes in this function. The MAXDELAY macro which defines this timeout is currently set to 1 second. I tried changing this value to 200ms and everything still works fine. I have also run the Open SSL unit tests to verify functionality. The hot spot has reduced to 175~180ms after this. The key question for us is whether this is an acceptable change for our usage. What is the impact on security or functionality that we are not aware of? If I got it right, its the heap walking loop that takes the max time, but there are other sources where its collecting the data for the seed. Is it a safe change for us to do for our custom build of Open SSL. If its not recommended, are there any other solutions that we can use in its place to reduce this hot spot? Do note that our application is actively supported for Win XP and above only.
Re: openssl s_client takes over 30 seconds to complete on Windows
"Dave Thompson" wrote: He could just do a: echo foo | openssl s_client -connect "uri.com:443" > cert.txt This executes in 1 sec here. What openssl build on what Windows? The one from the Msys package [1]. Running on Win-XP SP3. It has a special dependency as shown here: cygcheck g:\MingW32\msys\bin\openssl.exe G:\MingW32\msys\bin\openssl.exe g:\MingW32\msys\bin\msys-crypto-1.0.0.dll g:\MingW32\msys\bin\msys-1.0.dll f:\windows\system32\KERNEL32.dll f:\windows\system32\ntdll.dll g:\MingW32\msys\bin\msys-ssl-1.0.0.dll (non-standard OpenSSL dll-names). But this does give me an idea: the OP probably could install cygwin, and a cygwin build of openssl. cygwin tries to emulate Unix on Windows and select() is used commonly enough I expect it works. But cygwin is so big and complicated I don't bother with it myself, so I can't check. Not so big and much less complicated than OpenSSL itself :-( But msys is even smaller. [1] Ref. https://sourceforge.net/projects/mingw/files/MSYS/Extension/openssl/openssl-1.0.0-1/ --gv __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org