[openssl-users] How to get current using openssl version
Hi All: I am installing openssl in local path, and when I use SSLeay_version(SSLEAY_VERSION); to get version, it will return SSL version: OpenSSL 1.0.1f 6 Jan 2014, But installed version is 1.0.1j. It seems to get system installed version not my manually installed version, So How can I get it. PS. I have added include path to gcc: -I./openssl/include/openssl -- Rejoice,I Desire! ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] How to get current using openssl version
It seems to get system installed version not my manually installed version, So How can I get it. PS. I have added include path to gcc: -I./openssl/include/openssl You probably need some better combination of -L and -l flags; -I only sets the path for #include statements. Some intro documentation on Linux software development might be useful /r$ -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] How to get current using openssl version
Try setting LD_LIBRARY_PATH to your local installation before running your program: export LD_LIBRARY_PATH=/alternate/path/usr/lib On Mon, Dec 15, 2014 at 5:15 AM, Jerry OELoo oylje...@gmail.com wrote: Hi All: I am installing openssl in local path, and when I use SSLeay_version(SSLEAY_VERSION); to get version, it will return SSL version: OpenSSL 1.0.1f 6 Jan 2014, But installed version is 1.0.1j. It seems to get system installed version not my manually installed version, So How can I get it. PS. I have added include path to gcc: -I./openssl/include/openssl -- Rejoice,I Desire! ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users -- Chris Bare ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] CVE-2014- and OpenSSL?
On 12-12-2014 21:31, Jeffrey Walton wrote: On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 09/12/2014 21:46, Jeffrey Walton wrote: On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole amarendra.godb...@gmail.com wrote: So Adam Langley writes SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections. on his the latest POODLE affecting TLS 1.x. (https://www.imperialviolet.org/). I also received a notification from Symantec's DeepSight, that states: OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability. However, I could not find more information on OpenSSL's web-site about POODLE-biting-again. Did I miss any notification? Thanks. Here's some more reading: https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls There's nothing specific to OpenSSL. Its a design defect in the protocols (its been well known that TLS 1.0 had the same oracle as SSLv3 since only the IV changed between them). Its not surprising that a PoC demonstrates it against TLS 1.0. Many have been been waiting for it. It looks like Ubuntu is going to have to enable TLS 1.1 and 1.2 in 12.04 LTS for clients. https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1256576 . ___ Stop spreading FUD and lies. This is NOT a protocol weakness in any TLS version, it is an implementation *bug* affecting multiple TLS implementations, specifically those that don't implement the *required* checks of the padding during decryption. The cryptographers would disagree with you. The various attacks against the design defects appear to offer proof by counter example. Here's the analysis by Krawczyk: The Order of Encryption and Authentication for Protecting Communications, http://www.iacr.org/archive/crypto2001/21390309.pdf. Here's his recent remarks on the TLS WG mailing list where he revisited his conclusions, and called out SSL/TLS as being unconditionally insecure (due to a misunderstanding in the way padding was applied). From http://www.ietf.org/mail-archive/web/tls/current/msg13677.html: So the math in the paper is correct - the conclusion that TLS does it right is wrong. It doesn't. He is saying exactly what I said (padding before mac is safe, TLS with CBC does thatwrong). The only thing I said was right was the SSL case with no padding at all (stream ciphers, in casethere was a good one in SSL 3). Now the POODLE against TLS 1.0 is NOT about all that. It is about *broken* TLS 1.0implementations that fail to implement the indirect protection of the padding specified in the TLS 1.0 RFC.Specifically, those implementations fail to implement that only a single padding content value is authenticfor each given padding size, and at most 32 padding size/value pairs are valid for any given authenticatedmessage size. This indirect protection in TLS 1.0 greatly reduces the power of the padding oracle, since the chance thatan interesting plaintext snippet matches one of the 32 permitted values is a lot less than the chance of matching one of the 2**61 permitted values in SSL 3 padding. These numbers are for 64 bit block size,for 128 bit block size, the numbers are 16 vs 2**124 . Variations in how the attacker detects acceptance as padding could change the numbers to 256 or 1 for *correct* TLS 1.0 pad checks versus 2**64 or 2**56for SSL 3. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
[openssl-users] Call for HP Proliant wizard
We've had some reliability and performance issues with the systems running various OpenSSL related services (www, git, E-mail, etc.). Earlier this year we purchased a shiny new high-dollar (for us!) HP DL360 server that is running in Munich (hosting courtesy of SpaceNet AG). We've been moving services to that system in fits and starts as time and distractions permit, most recently E-mail services. Alas we're experiencing an apparent hardware issue (critical but otherwise unspecified BIOS/Hardware Health failure) that has twice crashed that system. Not good for our plan to use that hardware to support all OpenSSL services. We have the extra cost support from HP (Care Pack), but that is turning out to be of limited value in resolving an issue with no immediately obvious smoking gun symptoms. None of us here are very familiar with the formidable jungle of HP acronyms, jargon, and proprietary tools. I know there are a lot of amazingly experienced people in the OpenSSL community and following this list. If you're familiar with the HP Proliant ecosystem (and the likes of iLO 4, Active Health System, SPP) and would be willing to do a little hand-holding then please drop me a line. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] Devolução de cheque favor entrar em contato.0076554 (92887) (Working remotely)
I am working remotely Tuesday Oct. 12th and will be in the office Wednesday after 12 noon. Karen Karen E. Schnite Public Opinion Laboratory Northern Illinois University 148 N. Third Street DeKalb, IL 60115 815-753-0950 fax 815-753-2305 Visit our web page at www.pol.niu.edu ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] Devolução de cheque favor entrar em contato.0076554 (92887) (I will be in meetings most of the day with no access to email.)
I will be in meetings most of the day with no access to email. I will be responding to emails after 3 PM today. Karen Karen E. Schnite Public Opinion Laboratory Northern Illinois University 148 N. Third Street DeKalb, IL 60115 815-753-0950 fax 815-753-2305 Visit our web page at www.pol.niu.edu ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] Devolução de cheque favor entrar em contato.0076554 (92887) (Out of Office)
Spam detection software, running on the system mta, has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: I am currently away from my office. Please contact Mindy Schneiderman at 815.753.0039 or schneider...@niu.edu during my absence. Thank you, Karen E Schnite Project Manager Northern Illinois University Public Opinion Laboratory [...] Content analysis details: (5.3 points, 5.0 required) pts rule name description -- -- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: niu.edu] 0.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: informacheque.info] 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: informacheque.info] 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: informacheque.info] 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist [URIs: informacheque.info] ---BeginMessage--- I am currently away from my office. Please contact Mindy Schneiderman at 815.753.0039 or schneider...@niu.edu during my absence. Thank you, Karen E Schnite Project Manager Northern Illinois University Public Opinion Laboratory 815.753.0950 www.pol.niu.edu Karen E. Schnite Public Opinion Laboratory Northern Illinois University 148 N. Third Street DeKalb, IL 60115 815-753-0950 fax 815-753-2305 Visit our web page at www.pol.niu.edu openssl-users@openssl.org 12/15/14 12:30 Spam detection software, running on the system mta, has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Spam detection software, running on the system mta, has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. [...] Content analysis details: (5.1 points, 5.0 required) pts rule name description -- -- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: openssl.org] 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: informacheque.info] 0.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: informacheque.info] 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: informacheque.info] -1.0 ALL_TRUSTEDPassed through trusted hosts only via SMTP 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 T_KHOP_FOREIGN_CLICK No description available. 1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words 0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image 0.1 SUBJECT_NEEDS_ENCODING No description available. 1.1 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. ---End Message--- ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] Devolução de cheque favor entrar em contato.0076554 (92887) (Out of office)
Spam detection software, running on the system mta, has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: I am no longer with NIU or the Public Opinion Laboratory. I may be reached via email (karenschn...@gmail.com) or 847.404.2814 To reach the POL, please contact Mindy Schneiderman at 815.753.0039 or schneider...@niu.edu [...] Content analysis details: (5.3 points, 5.0 required) pts rule name description -- -- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: openssl.org] 0.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: informacheque.info] 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: informacheque.info] 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: informacheque.info] 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist [URIs: informacheque.info] ---BeginMessage--- I am no longer with NIU or the Public Opinion Laboratory. I may be reached via email (karenschn...@gmail.com) or 847.404.2814 To reach the POL, please contact Mindy Schneiderman at 815.753.0039 or schneider...@niu.edu Thank you, Karen E Schnite http://www.linkedin.com/in/karenschnite Karen E. Schnite Public Opinion Laboratory Northern Illinois University 148 N. Third Street DeKalb, IL 60115 815-753-0950 fax 815-753-2305 Visit our web page at www.pol.niu.edu openssl-users@openssl.org 12/15/14 12:30 Spam detection software, running on the system mta, has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: Spam detection software, running on the system mta, has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. [...] Content analysis details: (5.1 points, 5.0 required) pts rule name description -- -- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: openssl.org] 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: informacheque.info] 0.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: informacheque.info] 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: informacheque.info] -1.0 ALL_TRUSTEDPassed through trusted hosts only via SMTP 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 T_KHOP_FOREIGN_CLICK No description available. 1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words 0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image 0.1 SUBJECT_NEEDS_ENCODING No description available. 1.1 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. ---End Message--- ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
[openssl-users] Automatic reply: Devolução de cheque favor entrar em contato.0076554 (92887)
I'm currently out of office with limited access to email and voicemail. I'll be back in the office on Wednesday 12/17. Carlo ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
