[openssl-dev] [openssl.org #1162] add a discover-server-ciphers to s_client

There are other, more focused, tools on doing this such as nmap, ssllabs, the tool mentioned in this ticket, etc. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3732] Does OpenSSL construe expired certs as reason to downgrade?

Short answer: no. Is the client a browser? Most probably some network hiccup made it retry. No defect here, closing the ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3742] Support s_client -starttls to xmpp server-to-server ports

I'd like to be able to use openssl s_client to diagnose SSL/TLS connections to XMPP/Jabber servers. There are two types of xmpp server ports: (a) those that are used for connections from clients, usually port 5222 (c2s). (b) those that are used for connections from server to server,

[openssl-dev] [openssl.org #3741] [PATCH] Better side-channel security for ECC table lookups

This patch relates to RT 3667 and the paper here (to appear at COSADE 2015): https://eprint.iacr.org/2015/036 Instead of a direct table lookup for precomputed points in the generic ECC multi-scalar multiplication routine, it computes the point by traversing the entire table. Motivation is better

[openssl-dev] [openssl.org #3743] [PATCH] Make it possible to only install libs

This is particularly uesful for places where we don't care about the tools, tests, etc. --- Makefile.org | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/Makefile.org b/Makefile.org index 4f5bff9..be844aa 100644 --- a/Makefile.org +++ b/Makefile.org @@ -134,7

[openssl-dev] [openssl.org #3744] Enhancement Request

We have no plans to do this. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3744] Enhancement Request

Hi, At the moment, we have SSL handshake making use of a single certificate, using a single key-pair present in the certificate. In the event the MITM has the same certificate(SSL - offloader) then the data can be encrypted/decrypted. Would like to know if we can have the enhancement of using

Re: [openssl-dev] [openssl.org #3744] Enhancement Request

This is more of a request to change the TLS protocol, than an enhancement to OpenSSL. DHE and ECDHE ciphers provide PFS to protect against compromised public key-pairs. However, if a MITM has the same certificate, signed by a trusted certificate authority, then most bets are off.

Re: [openssl-dev] Intent of the private_ wrappers

On 3/10/2015 10:35 PM, Dr. Stephen Henson wrote: I just built OpenSSL 1.0.1 from source using the normal build procedure on Ubuntu Linux 14.04.2 and it *did* make the private_* symbols global in libcrypto.so for example: 000e2180 T private_AES_set_decrypt_key 000e1eb0 T

Re: [openssl-dev] [openssl.org #3744] Enhancement Request

This is more of a request to change the TLS protocol, than an enhancement to OpenSSL. DHE and ECDHE ciphers provide PFS to protect against compromised public key-pairs. However, if a MITM has the same certificate, signed by a trusted certificate authority, then most bets are off.