Re: [twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

2016-09-07 Thread Eugene Kotlyarov
>> Could you also add some conditional define to hide functions that are 
>> gone? I just accidentally noticed that EVP_CIPHER_CTX_init is gone when 
>> my application started crashing; it would be nice to fail at compile 
>> time.

>Not easily, it would be needed if your application still used 1.0.2, and that 
>is a runtime decision, not compile time.  
But I think you need to explicitly specify that you want to use an older 
version, because now you can just recompile the application and expect it to 
work with both old and new versions, when in fact it will fail.
Also, since it is all security related, I think the default state should assume 
working with the latest version.


>Do you have any useful SSL code for ICS? 
Not really, I just use it in some cases for encryption.

>> Also, an unrelated question: why do we need OverbyteIcsLibeayEx? 
>> Could we not just put everything in OverbyteIcsLibeay? I think it will 
>> be easier to support.

>Arno did this originally to try and keep the size of twsocket down, although 
>subsequently added lots of other extra stuff to twsocket. 
>When I have time to rewrite the export stuff, I'll at least consolidate the 
>LibeayEx stuff into Libeay so it's easier to see what's missing.  

You can reduce size by using feature toggle conditional defines. I would also 
like to have a smaller size since I just use a few functions.
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

2016-09-07 Thread Eugene Kotlyarov
>> Could you also add GSSLEAY_DLL_IgnoreOld global variable similar to 
>> GSSLEAY_DLL_IgnoreNew, so we could ignore old dll names for security 
>> reasons.

>This is now added to ICS V8.34. 
>Also corrected next OpenSSL release is 1.1.1 not 1.1.0a, so this build will 
>support up to 1.1.999.
>Will need to revisit this stuff when OpenSSL 1.2.0 is released with new DLL 
>names in a few years time, maybe sooner if it's needed for TLS/1.3, although 
>1.1.0 already contains many of the new features, except the actual simplified 
>handshake. 

Thank you!
Could you also add some conditional define to hide functions that are gone?
I just accidentally noticed that EVP_CIPHER_CTX_init is gone when my 
application started crashing; it would be nice to fail at compile time.

Also, an unrelated question: why do we need OverbyteIcsLibeayEx? Could we not 
just put everything in OverbyteIcsLibeay? I think it will be easier to support.


Re: [twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

2016-09-07 Thread Angus Robertson - Magenta Systems Ltd
> Could you also add GSSLEAY_DLL_IgnoreOld global variable similar 
> to GSSLEAY_DLL_IgnoreNew, so we could ignore old dll names for 
> security reasons.

This is now added to ICS V8.34. 

Also corrected next OpenSSL release is 1.1.1 not 1.1.0a, so this build
will support up to 1.1.999.

Will need to revisit this stuff when OpenSSL 1.2.0 is released with new
DLL names in a few years time, maybe sooner if it's needed for TLS/1.3,
although 1.1.0 already contains many of the new features, except the
actual simplified handshake. 

Angus



Re: [twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

2016-08-29 Thread Angus Robertson - Magenta Systems Ltd
> Could you also add GSSLEAY_DLL_IgnoreOld global variable similar 
> to GSSLEAY_DLL_IgnoreNew, so we could ignore old dll names for 
> security reasons.

Good idea, I'll do that next week.  However OpenSSL 1.0.2 is the
current recommended long term release and will get security patches for
a few more years.  I can understand you may not want to distribute two
versions.  

At least the new public variable GSSL_DLL_DIR can be set to force ICS
to use a specific directory, instead of randomly searching Windows for any
OpenSSL DLLs in the path. 

Angus
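
An added example, not part of the thread and not ICS code: a standalone Delphi startup check that combines the two points raised in this thread. It loads the crypto DLL only from an absolute path (the directory one would also assign to GSSL_DLL_DIR) and reports which exports the application needs are missing, so a removed function such as EVP_CIPHER_CTX_init is caught at startup instead of as a crash. The helper name MissingExports, the export list and the command-line argument are assumptions for illustration.

```delphi
program CheckCryptoExports;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

const
  // Exports this application calls directly (assumed list, adjust to your own).
  // The thread reports EVP_CIPHER_CTX_init as gone in OpenSSL 1.1.0.
  RequiredExports: array[0..2] of AnsiString = (
    'EVP_CIPHER_CTX_new', 'EVP_CIPHER_CTX_free', 'EVP_CIPHER_CTX_init');

// Hypothetical helper: returns a comma-separated list of required exports the
// DLL does not provide; an empty string means every export was found.
function MissingExports(const DllFullPath: string): string;
var
  H: HMODULE;
  I: Integer;
begin
  Result := '';
  // A path without a drive or UNC root would be resolved through the Windows
  // DLL search order, which is what pinning the directory is meant to avoid.
  if ExtractFileDrive(DllFullPath) = '' then
    raise Exception.Create('Refusing non-absolute DLL path: ' + DllFullPath);
  H := LoadLibrary(PChar(DllFullPath));
  if H = 0 then
    RaiseLastOSError;
  try
    for I := Low(RequiredExports) to High(RequiredExports) do
      if GetProcAddress(H, PAnsiChar(RequiredExports[I])) = nil then
      begin
        if Result <> '' then
          Result := Result + ', ';
        Result := Result + string(RequiredExports[I]);
      end;
  finally
    FreeLibrary(H);
  end;
end;

var
  Missing: string;
begin
  // ParamStr(1): absolute path of the crypto DLL shipped with the application.
  Missing := MissingExports(ParamStr(1));
  if Missing <> '' then
  begin
    Writeln('OpenSSL DLL lacks required exports: ', Missing);
    Halt(1);
  end;
  Writeln('All required exports are present.');
end.
```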



Re: [twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

2016-08-29 Thread Eugene Kotlyarov
Thank you very much!

Could you also add GSSLEAY_DLL_IgnoreOld global variable similar to 
GSSLEAY_DLL_IgnoreNew, so we could ignore old dll names for security reasons.

-Original Message-
From: TWSocket [mailto:twsocket-boun...@lists.elists.org] On Behalf Of Angus 
Robertson - Magenta Systems Ltd
Sent: August 29, 2016 9:20 AM
To: twsocket@lists.elists.org
Subject: [twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

Our OpenSSL 1.1.0 DLLs are now available from the wiki page:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

which needs ICS V8.33 from the same page or from SVN.  

There were a lot of SSL changes in V8.27 and since, please see the notes in 
wsocket.  

I'll post another message with more details about SSL changes later this week, 
when I have spare time. 

Angus




[twsocket] OpenSSL 1.1.0 is now supported by ICS V8.33

2016-08-29 Thread Angus Robertson - Magenta Systems Ltd
Our OpenSSL 1.1.0 DLLs are now available from the wiki page:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

which needs ICS V8.33 from the same page or from SVN.  

There were a lot of SSL changes in V8.27 and since, please see the
notes in wsocket.  

I'll post another message with more details about SSL changes later
this week, when I have spare time. 

Angus

