For those of us still using the 0.9.8-line, I see three options for addressing
CRIME:
1) recompile our OpenSSL libraries with compression disabled,
2) programmatically disable it for all SSL connections using
"sk_SSL_COMP_zero()" as described in the patches at
http://www.dest-unreach.org/socat/
On Tue, Oct 23, 2012, Tomas Hoger wrote:
> On Thu, 18 Oct 2012 23:55:41 +0200 Andrey Kulikov wrote:
>
> > > OpenSSL enables zlib by default.
> >
> > Could you please advise for what version and platform this is true?
> >
> > openssl-1.0.1c for linux-elf
> > has no-zlib configured by default.
>
On Thu, 18 Oct 2012 23:55:41 +0200 Andrey Kulikov wrote:
> > OpenSSL enables zlib by default.
>
> Could you please advise for what version and platform this is true?
>
> openssl-1.0.1c for linux-elf
> has no-zlib configured by default.
Sorry, I asked the wrong way. OpenSSL, when compiled with
On 10/23/2012 10:50 AM, Erik Tkal wrote:
For RSA and DSA signing operations I use an ENGINE that registers for RSA and
DSA and "intercepts" the private key operations in order to call out to CAPI.
I'm now trying to add support for ECDSA but the method structure for this is
private. What is the expected mechanism to utilize an engine i
Thanks for the link.
Actually interesting, with good advice.
It reminds us that a secure lib is not enough, we have to fight
themselves against too much laziness or negligence.
On 22/10/2012 20:56, toorandom wrote:
What do you think?
https://twitter.com/toorandom/status/2604180480355491