Re: Removing tls1 support in Openssl 1.0.2o
Hi Sam

Did you try :

openssl-1.0.2u.tar.gz :

Configuring for
Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]

ie:

    ./Configure [ os/compiler from above ] no-ssl no-tls no-dtls no-ssl3-method no-tls1-method no-tls1_1-method no-tls1_2-method no-dtls1-method no-dtls1_2-method no-nextprotoneg no-comp

> On 19 Apr 2020, at 09:50, Sam Kappen wrote:
>
> Hi
>
> We are using a poky with branch "rocko" based build system.
> Looking for disabling sslv3 tlsv1 on openssl.(Openssl 1.0.2o)
>
> I am seeing SSLv3 support in Openssl 1.0.2o is disabled by default.
> This patch is already part of our build system.
> https://patchwork.openembedded.org/patch/88921/
>
> For disabling tls1 tried with EXTRA_OECONF = " -no-ssl3 -no-tls1" but
> seems like all of the tls1, tls1_1, tls1_2 are disabled.
>
> Request your help in disabling the protocol tls1 in openssl.
>
> Regards,
> Sam

--
Regards,
Mark A. Lane
Removing tls1 support in Openssl 1.0.2o
Hi

We are using a poky with branch "rocko" based build system.
Looking for disabling sslv3 tlsv1 on openssl.(Openssl 1.0.2o)

I am seeing SSLv3 support in Openssl 1.0.2o is disabled by default.
This patch is already part of our build system.
https://patchwork.openembedded.org/patch/88921/

For disabling tls1 tried with EXTRA_OECONF = " -no-ssl3 -no-tls1" but seems like all of the tls1, tls1_1, tls1_2 are disabled.

Request your help in disabling the protocol tls1 in openssl.

Regards,
Sam
TLS1 support in openssl?
Hi,

how does openssl 0.9.8b support tls? I went through the code and it looks like tls is just like an alias for SSLv3. Can someone tell me where exactly TLS1 and SSLv3 differ?

What are the changes that they will differ in future?

Thank you,
~ Urjit

DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
Re: TLS1 support in openssl?
Hello,

> how does openssl 0.9.8b support tls? I went through the code and it looks like tls is just like an alias for SSLv3. Can someone tell me where exactly TLS1 and SSLv3 differ?

In general they are very close, but the main differences are:
- protocol version in messages (SSL3: 0300, TLS1: 0301)
- alert protocol messages (SSL3: 12, TLS1: 23)
- message authentication mechanism
- key material generation mechanism
- CertificateVerify handshake packet calculation
- Finished handshake packet calculation

> What are the changes that they will differ in future?

I do not know.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: TLS1 support in openssl?
- Original Message -
From: Marek Marcola [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 3:41 PM
Subject: Re: TLS1 support in openssl?

> Hello,
>
> > how does openssl 0.9.8b support tls? I went through the code and it looks like tls is just like an alias for SSLv3. Can someone tell me where exactly TLS1 and SSLv3 differ?
>
> In general they are very close, but the main differences are:
> - protocol version in messages (SSL3: 0300, TLS1: 0301)
> - alert protocol messages (SSL3: 12, TLS1: 23)
> - message authentication mechanism
> - key material generation mechanism
> - CertificateVerify handshake packet calculation
> - Finished handshake packet calculation

Thank you for the quick reply.

So, I guess SSLv3 and TLS are almost identical as far as encryptions are concerned and TLS differs from SSLv3 in terms of handshake, authentication, key management. If this is correct, then now onwards what should be preferred methods used for SSL_CTX_new() ? Should it be SSLv3 or TLSv1? Any particular or obvious reasons for selecting one over the other?

thanks,
~ Urjit
Re: TLS1 support in openssl?
Hello,

> So, I guess SSLv3 and TLS are almost identical as far as encryptions are concerned and TLS differs from SSLv3 in terms of handshake, authentication, key management. If this is correct, then now onwards what should be preferred methods used for SSL_CTX_new() ? Should it be SSLv3 or TLSv1? Any particular or obvious reasons for selecting one over the other?

For compatibility reasons supporting SSL3 and TLS1 is preferable.
You may get this with code:

    /* enable support of SSL2/SSL3/TLS1 */
    ctx = SSL_CTX_new(SSLv23_server_method());

    /* disable support of SSL2 */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

In this case, even when SSL2 is disabled, the ClientHello SSL2 handshake packet is understood and accepted if it has a hint for support of higher protocols (SSL3/TLS1).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
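Added example (not part of the thread and not OpenSSL code): a small C parser for the two ClientHello framings discussed in the replies above, reading the version bytes Marek lists (SSL3: 0300, TLS1: 0301) from either an SSL2-format hello or an SSL3/TLS record. The struct, the function names and the sample bytes are constructed for illustration; the values 0x0302 (TLS 1.1) and 0x0303 (TLS 1.2) do not appear in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int v2_framing;       /* 1 = SSL2-format ClientHello */
    uint16_t record_ver;  /* record-layer version (0 with SSL2 framing) */
    uint16_t client_ver;  /* highest version the client offers */
} hello_info;

/* Returns 0 and fills *out, or -1 if the bytes are not a ClientHello. */
int parse_client_hello(const uint8_t *p, size_t n, hello_info *out)
{
    if (n >= 5 && (p[0] & 0x80) && p[2] == 0x01) {
        /* SSL2 framing: 15-bit length, message type 1, then version */
        out->v2_framing = 1;
        out->record_ver = 0;
        out->client_ver = (uint16_t)(p[3] << 8 | p[4]);
        return 0;
    }
    if (n >= 11 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01) {
        /* Record: type 22, version, length; handshake: type 1, 24-bit length, version */
        out->v2_framing = 0;
        out->record_ver = (uint16_t)(p[1] << 8 | p[2]);
        out->client_ver = (uint16_t)(p[9] << 8 | p[10]);
        return 0;
    }
    return -1;
}

/* 1 if this client cannot connect once SSL3 and TLS1 are disabled (0x0302 = TLS 1.1). */
int needs_tls1_or_older(const hello_info *h) { return h->client_ver < 0x0302; }

/* Constructed samples, truncated after the fields parsed above. */
const uint8_t V2_HELLO_TLS1[]  = {0x80,0x1f,0x01,0x03,0x01,0x00,0x06,0x00,0x00,0x00,0x10};
const uint8_t V3_HELLO_SSL3[]  = {0x16,0x03,0x00,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x00};
const uint8_t V3_HELLO_TLS12[] = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x03};

int main(void)
{
    const uint8_t *s[] = {V2_HELLO_TLS1, V3_HELLO_SSL3, V3_HELLO_TLS12};
    for (int i = 0; i < 3; i++) {
        hello_info h;
        if (parse_client_hello(s[i], 11, &h) == 0)
            printf("v2_framing=%d record=%04x client=%04x legacy_only=%d\n", h.v2_framing,
                   (unsigned)h.record_ver, (unsigned)h.client_ver, needs_tls1_or_older(&h));
    }
    return 0;
}
```

Run over the first bytes of captured connections, this shows which clients would stop connecting before SSL3 or TLS1 is removed from a build or disabled with options.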