[STATUS] OpenSSL (Sun 2-Jun-2002)

2002-06-02 Thread OpenSSL Project 


  OpenSSL STATUS   Last modified at
  __   $Date: 2002/06/01 15:33:36 $

  DEVELOPMENT STATE

o  OpenSSL 0.9.8:  Under development...
o  OpenSSL 0.9.7-beta1:  Released on June 1st, 2002
o  OpenSSL 0.9.6d: Released on May9th, 2002
o  OpenSSL 0.9.6c: Released on December  21st, 2001
o  OpenSSL 0.9.6b: Released on July   9th, 2001
o  OpenSSL 0.9.6a: Released on April  5th, 2001
o  OpenSSL 0.9.6:  Released on September 24th, 2000
o  OpenSSL 0.9.5a: Released on April  1st, 2000
o  OpenSSL 0.9.5:  Released on February  28th, 2000
o  OpenSSL 0.9.4:  Released on August09th, 1999
o  OpenSSL 0.9.3a: Released on May   29th, 1999
o  OpenSSL 0.9.3:  Released on May   25th, 1999
o  OpenSSL 0.9.2b: Released on March 22th, 1999
o  OpenSSL 0.9.1c: Released on December  23th, 1998

  [See also http://www.openssl.org/support/rt2.html]

  RELEASE SHOWSTOPPERS

o BN_mod_mul verification fails for mips3-sgi-irix
  unless configured with no-asm

  AVAILABLE PATCHES

o 

  IN PROGRESS

o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
OCSP
EVP cipher enhancement.
Enhanced certificate chain verification.
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
UI (User Interface)
UTIL (a new set of library functions to support some higher level
  functionality that is currently missing).
Shared library support for VMS.
Kerberos 5 authentication
Constification
OCSP

  NEEDS PATCH

o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

o  "OpenSSL STATUS" is never up-to-date.

  OPEN ISSUES

o  The Makefile hierarchy and build mechanism is still not a round thing:

   1. The config vs. Configure scripts
  It's the same nasty situation as for Apache with APACI vs.
  src/Configure. It confuses.
  Suggestion: Merge Configure and config into a single configure
  script with a Autoconf style interface ;-) and remove
  Configure and config. Or even let us use GNU Autoconf
  itself. Then we can avoid a lot of those platform checks
  which are currently in Configure.

o  Support for Shared Libraries has to be added at least
   for the major Unix platforms. The details we can rip from the stuff
   Ralf has done for the Apache src/Configure script. Ben wants the
   solution to be really simple.

   Status: Ralf will look how we can easily incorporate the
   compiler PIC and linker DSO flags from Apache
   into the OpenSSL Configure script.

   Ulf: +1 for using GNU autoconf and libtool (but not automake,
which apparently is not flexible enough to generate
libcrypto)

  WISHES

o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
   where the callback function can request that the function be aborted.
   [Gregory Stark <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>]

o  SRP in TLS.
   [wished by:
Dj <[EMAIL PROTECTED]>, Tom Wu <[EMAIL PROTECTED]>,
Tom Holroyd <[EMAIL PROTECTED]>]

   See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
   as well as http://www-cs-students.stanford.edu/~tjw/srp/.

   Tom Holroyd tells us there is a SRP patch for OpenSSH at
   http://members.tripod.com/professor_tom/archives/, that could
   be useful.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Help!

2002-06-02 Thread Pushkar Patil 

Hi all,

I am looking for the file/files where all the ciphers are stored :

TLS_RSA_WITH_RC4_128_MD5Ox04
SSL2_RC4_128_WITH_MD5  Ox010080
and so on


These are sent in Client Hello message,

Thanks
-Pushkar Patil


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[ANNOUNCE] OpenSSL 0.9.1 beta 1 released

2002-06-02 Thread Lutz Jaenicke 

The first beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site ftp://ftp.openssl.org/source/>. Quite a lot
of code changed between the 0.9.6 release and the 0.9.7 release, so
a series of 3 or 4 beta releases is planned before the final release.

To make sure that it will work correctly, please test this version
(especially on less common platforms), and report any problems to
<[EMAIL PROTECTED]>.
Application developers that use OpenSSL to provide cryptographic
routines or SSL/TLS support are kindly requested to test their
software against this new release to make sure that necessary adaptions
can be made.

Changes between 0.9.6x and 0.9.7 include:

  o New library section OCSP.
  o Complete rewrite of ASN1 code.
  o CRL checking in verify code and openssl utility.
  o Extension copying in 'ca' utility.
  o Flexible display options in 'ca' utility.
  o Provisional support for international characters with UTF8.
  o Support for external crypto devices ('engine') is no longer
a separate distribution.
  o New elliptic curve library section.
  o New AES (Rijndael) library section.
  o Change DES API to clean up the namespace (some applications link also
against libdes providing similar functions having the same name).
Provide macros for backward compatibility (will be removed in the
future).
  o Unifiy handling of cryptographic algorithms (software and
engine) to be available via EVP routines for asymmetric and
symmetric ciphers.
  o NCONF: new configuration handling routines.
  o Change API to use more 'const' modifiers to improve error checking
and help optimizers.
  o Finally remove references to RSAref.
  o Reworked parts of the BIGNUM code.
  o Support for new engines: Broadcom ubsec, Accelerated Encryption
Processing, IBM 4758.
  o PRNG: query at more locations for a random device, automatic query for
EGD style random sources at several locations.
  o SSL/TLS: allow optional cipher choice according to server's preference.
  o SSL/TLS: allow server to explicitly set new session ids.
  o SSL/TLS: support Kerberos cipher suites (RFC2712).
  o SSL/TLS: allow more precise control of renegotiations and sessions.
  o SSL/TLS: add callback to retrieve SSL/TLS messages.
  o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).

--
Lutz Jaenicke   [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~jaenicke/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]