That's a rather old statement. The latest draft of SP 800-131
(http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf)
is a _lot_ more relaxed, and even the early draft referenced at the page below
did not require any changes that would require TLS v1.2.
Hi Jeseem,
are you sure that the cpu you are using has AESNI enabled?
The toolchain you are using is definitly correct, but the fact that the
engine check was not triggered sounds like your SKU has the instraction
disabled.
You can do a check on the CPU with the below code:
#include stdlib.h
Hello,
What is the current plan to support TLSv1.2 in OpenSSL? NIST issued a
statement requiring federal government to switch to SHA2 family of hash
functions after 2010:
Quote from http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html:
Federal agencies should stop using SHA-1 for
[mi...@riseup.net - Wed Sep 29 09:38:22 2010]:
Hi,
The extended key usages id-kp-ipsecEndSystem, id-kp-ipsecTunnel and
id-kp-ipsecUser are obsoleted as per RFC 4945 ยง 5.1.3.12 section title
ExtendedKeyUsage:
... Note that there were three IPsecrelated object identifiers in EKU
that
[mi...@riseup.net - Wed Sep 29 09:38:36 2010]:
In a recent attempt to add missing extended key usage pieces, I noticed
that the OCSPSigning extended key usage was not fully implemented. It is
perfectly possible that I am not fully cognizant of how the code works,
and it is properly
The RNG in openssl-fips-1.2 is compliant with ANS X9.31, therefore it is OK for
use through 2015 (although deprecated in the language of SP 800-131).
Adding a SP 800-90 RNG (sorry, RBG) to OpenSSL isn't too hard, given that
there's an open-source implementation which passes NIST's test vectors;
Hi,
I am trying to upgrade the openssl library for my work. Currently, I have
0.9.8g. I am looking for appropriate library version which has the fix for
RFC 5746. I cannot move to 1.0.0 version right now. Which stable version
should I pick up ?
I tried with 0.9.8n but facing lot of compile