Re: [PATCH] Disable RC4 for TLS v1.1+ (server-side).

2014-02-03 Thread Piotr Sikora
Hello Patrick, > While no longer using RC4 might be a good idea, I'm not certain that OpenSSL > should /force/ it as long as the cipher is still a valid choice. Agreed, that's why I wrote it should be an SSL{,_CTX}_set_options() option, but there are no unused values to do that. > This seems li

RE: [PATCH] Disable RC4 for TLS v1.1+ (server-side).

2014-02-03 Thread Watson, Patrick
While no longer using RC4 might be a good idea, I'm not certain that OpenSSL should /force/ it as long as the cipher is still a valid choice. This seems like a job for SSL_CTX_set_cipher_list (http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html). A good server would be calling this an

[PATCH] Disable RC4 for TLS v1.1+ (server-side).

2014-02-03 Thread Piotr Sikora
(this was originally sent to rt@, but it never made it through) Hello, considering that RC4 is pretty much broken by now, I don't think there is a good reason for using it in TLS v1.1+. Attached patch stops servers from negotiating RC4-based cipher suites on connections using TLS v1.1+. This is m

Using AF_ALG with openssl

2014-02-03 Thread tera tellence
Dear All, I am trying to build the AF_ALG API to access kernel cryptographic API on an Ubuntu machine. I downloaded the AF_ALG open source code and followed the instructions to compile it. I then copied the shared library in the openssl engine path. But I have the following error when I tried to t

Re: FIPS certification

2014-02-03 Thread Steve Marquess
On 02/03/2014 09:30 AM, Leon Brits wrote: > Steve, > > Thanks for your help so far. > > Q: How is this certification of the algorithms done? Our device only > has a USB interface acting like a smartcard so will the lab (or OSF) > use our cryptoki/CSP interface(s) to validate the algorithms or > s

Re: [openssl.org #3234] [bug] openssl defaults to using tls compression

2014-02-03 Thread Tomas Hoger via RT
On Mon, 13 Jan 2014 17:26:23 +0100 Jeff Hodges via RT wrote: > According to [1], TLS compression is still the default configuration > of OpenSSL. This opens OpenSSL and all dependent tools (python, ruby, > etc.) to the CRIME attack. There was some discussion on this topic on openssl-dev before, t

RE: FIPS certification

2014-02-03 Thread Leon Brits
Steve, Thanks for your help so far. Q: How is this certification of the algorithms done? Our device only has a USB interface acting like a smartcard so will the lab (or OSF) use our cryptoki/CSP interface(s) to validate the algorithms or should we make a development board, which has a serial i

[openssl.org #3253] Compile issues - Solaris 10

2014-02-03 Thread Stephen Henson via RT
On Mon Feb 03 10:10:53 2014, ba...@alum.mit.edu wrote: > I use a complex CC setting, when I compile, to use gcc but with static > libgcc (gcc -m64 -static-libgcc), but when I pass this in via the > environment, the updated Makefile.org in the 1.0.1f distribution chokes with > /bin/sh: bad substitut

[openssl.org #3253] Compile issues - Solaris 10

2014-02-03 Thread Richard Basch via RT
I use a complex CC setting, when I compile, to use gcc but with static libgcc (gcc -m64 -static-libgcc), but when I pass this in via the environment, the updated Makefile.org in the 1.0.1f distribution chokes with /bin/sh: bad substitution on Solaris 10 (x86). The line in Makefile.org which is ca