Re: [openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

Someone that understands EAP better than myself should probably provide input. But my limited understand of EAP-FAST is it contributes to the master secret calculation used for the TLS session. See section RFC 4851 Section 5.1. My understanding is this logic applies to both new and resumed se

Re: [openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

On Tue, Mar 24, 2015 at 2:01 PM, John Foley wrote: > Trying again w/o PGP... :-) > > Thanks for taking a look at this problem. Regarding how to handle a > failure in the session secret callback, the legacy logic would likely > result in a "bad record mac" error because the master secrets on th

[openssl-dev] Explicit call to SSL_CTX_check_private_key() no longer needed ?

OpenSSL 1.0.2a A call to SSL_CTX_check_private_key() is already done in ssl_set_pkey() / SSL_CTX_use_PrivateKey() line 597. Consequently, SSL_CTX_check_private_key() is called twice in apps\s_cb.c, set_cert_key_stuff() line 274. This might be enclosed in an include directive testing the

Re: [openssl-dev] Seeking feedback on some #ifdef changes

> TLS connection could be established without X509 certs and storage support > (e.g. CoAP protocol with PSK cipher suites). > It would be great to build libssl library without X509 at all. I'd be interested in working patches. ___ openssl-dev mailing li

Re: [openssl-dev] Seeking feedback on some #ifdef changes

TLS connection could be established without X509 certs and storage support (e.g. CoAP protocol with PSK cipher suites). It would be great to build libssl library without X509 at all. Thank you Alexey ___ openssl-dev mailing list To unsubscribe: https:

[openssl-dev] [openssl.org #3766] OS/400 port of OpenSSL 1.0.1m

I updated the patch after the OpenSSL team reformatted the code. De la: Dan Fulger Trimis: 4 iulie 2014 18:03 Către: r...@openssl.org Subiect: I updated George Shaw's 0.9.8e port to OS/400 from 2007 The attached patch and notes apply to 1.0.1h. OS/400 fixe

Re: [openssl-dev] [openssl-users] Is RC4-MD5 disabled on Openssl-1.0.1h

On Thu, Mar 26, 2015 at 10:42:21AM +0530, Mukesh Yadav wrote: > HI, > > I have a query for SSl cipher on Openssl-1.0.1h > Have an application which is using library compiled with openssl-1.0.1h. > > Application is failing in func SSL_CTX_set_cipher_list() when input is " > RC4-MD5+RC4-SHA" and it

Re: [openssl-dev] server code for SNI?

On Wednesday 25 March 2015 12:59:54 Igenyar Saharam wrote: > Hi, > > > I am interested in the TLS extension of Server Name Indication (SNI). The > link provided here https://wiki.openssl.org/index.php/SSL/TLS_Client only > contains the client side code. If I want to write the server side that > s