On 06/12/2017 20:25, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Viktor Dukhovni
Sent: Wednesday, December 06, 2017 13:21
On Dec 6, 2017, at 8:51 AM, Michael Wojcik
wrote:
Note: If you use OpenSSL 1.0.x and you use the DH parameter callb
On 06/12/2017 14:51, Michael Wojcik wrote:
This probably should just have gone to openssl-users. Please don't copy every
question to openssl-dev.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jayalakshmi bhat
Sent: Wednesday, December 06, 2017 01:07
Does it mean
Morning.
Yeah my fault. I mixed up CL and Link Version Numbers:
Link Version is 14.12.25830.2 and
CL Version 19.12.25830.2 but
Compiler Tool Set Version is 14.12
You have to love their Versioning Scheme ;)
BTW: It turned out that the VS SSA-Optimizer is at fault here! After
disabling it with '/d
➢Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so
if you have a TLSv1.3 connection, it will never renegotiate.
But it could ask for a certificate, which would trigger SSL_WANT_WRITE
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Wednesday, December 06, 2017 13:21
>
> > On Dec 6, 2017, at 8:51 AM, Michael Wojcik
> wrote:
> >
> >
> > Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
> > aware that
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> pratyush parimal
> Sent: Wednesday, December 06, 2017 12:55
> But what I don't understand is, why does the library need to re-do the
> handshake?
I don't wish to sound rude, but this is answered right in the OpenSSL
> On Dec 6, 2017, at 8:51 AM, Michael Wojcik
> wrote:
>
>
> Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
> aware that the callback isn't invoked in a useful manner by OpenSSL. (It
> always asks for a 1024-bit group, unless an export cipher suite was selected,
>
Hi Rich,
Thanks for the reply. We are planning to use DHE_RSA based ciphers.
Regards
Jaya
On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connectio
Hi Michael,
Thanks for very detailed answers. This will surely help me to investigate
further.
Regards
Jaya
On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Salz, Rich via ope
Hi all,
I see a lot of questions and answers about how to
handle SSL_ERROR_WANT_READ / WRITE during SSL_read/write, and I understand
that the error is returned when the SSL library needs to do a handshake in
the middle of read/write operation, so we need to repeat the call when the
appropriate eve
Hi Michael
Thanks for the input.
Regards
Jaya
On Wed, Dec 6, 2017 at 7:21 PM, Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> This probably should just have gone to openssl-users. Please don't copy
> every question to openssl-dev.
>
> > From: openssl-users [mailto:openssl-users-boun...
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Salz, Rich via openssl-users
> Sent: Wednesday, December 06, 2017 08:50
> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are
> vulnerable to another.
If yo
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Oliver Niebuhr
> Sent: Wednesday, December 06, 2017 08:43
>
> Like mentioned below, I updated the VS 2017 Compiler to 14.12 - but it
> also happens with 14.11.
I don't know where those version numbers come from (Micros
This probably should just have gone to openssl-users. Please don't copy every
question to openssl-dev.
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Jayalakshmi bhat
> Sent: Wednesday, December 06, 2017 01:07
> Does it mean to use ECC ciphers from OpenSSL does
For TLSv1.3, servers are no longer allowed to specify arbitrary DH groups (for
finite-field or EC DH). They must use one of the named groups. So for 1.3,
there's no point in generating your own groups; conforming implementations
can't use them.
For finite-field DH, those are the groups specifie
You can re-use the keys, but then you get no forward secrecy, and sessions
generated with one connection are vulnerable to another.
Why are you using DH? Unless you have compelling reasons (interop with
legacy), you really should use ECDHE.
Hi.
Like mentioned below, I updated the VS 2017 Compiler to 14.12 - but it
also happens with 14.11.
Problem is: There is No Error Message of any kind - CL.exe keeps running
(well more or less) indefinitely. It simply stops working.
It really seems like a Compiler Bug. But I am too OpenSSL noobis
On 06/12/17 08:24, Oliver Niebuhr wrote:
> Hello.
>
> I am not sure if it is a VS Compiler Bug or a Bug in OpenSSL.
>
> When the Compiler reaches 'Blake2b.c', it creates the 'Blake2b.obj' and
> then hangs indefinitely.
>
> CPU usage for CL stays at 27-28 Percent. Used RAM stays at 34-35 Megaby
Hi Jakob and Paul,
Thank you so much for the reply. We have the RSA certificates. I wanted to
understand how generally DH parameters are generated. Thanks for the
detailed answers.
Regards
Jayalakshmi
On Wed, Dec 6, 2017 at 12:48 AM, Jakob Bohm wrote:
> On 06/12/2017 07:02, Jayalakshmi bhat wr
Hello.
I am not sure if it is a VS Compiler Bug or a Bug in OpenSSL.
When the Compiler reaches 'Blake2b.c', it creates the 'Blake2b.obj' and
then hangs indefinitely.
CPU usage for CL stays at 27-28 Percent. Used RAM stays at 34-35 Megabyte.
OpenSSL Version: 1.1.0 Git up2date, Static and Dynamic