[openssl-dev] 1.0.2d — obsolete directives in openssl.cnf?

2015-09-02 Thread Ikonta
Hi, everybody. Yesterday I re-read some openssl (1.0.2d version installed) docs (man x509v3_config) and found the following note: > Netscape Certificate Type > This is a multi-valued extensions which consists of a list of flags to > be included. It was used to indicate the purposes >

[openssl-dev] Cleanup and changing the malloc routines

2015-09-02 Thread Salz, Rich
We are considering a big cleanup to the memory-allocation APIs in the next release. Please take a look at the attached documentation, which describes *ALL* of the public functions, and let us know if it will cause a problem. Thanks. -- Senior Architect, Akamai Technologies IM:

[openssl-dev] [openssl.org #3927] regression in 1.0.2c spotted by Net-SSLeay

2015-09-02 Thread Rich Salz via RT
Not a bug, incorrect usage. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA

2015-09-02 Thread Rich Salz via RT
We do now publish all manpage versions. If there's an error in a specific manpage, please create a new ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] Minor bug in custom TLS extensions

2015-09-02 Thread Emilia Käsper
On Wed, Sep 2, 2015 at 3:00 AM, Bill Cox wrote: > On Tue, Sep 1, 2015 at 2:50 PM, Emilia Käsper wrote: > >> It's not quite clear to me why you'd have to resend parameters on >> resumption. After all, they are definitive for the session. Best if the >>

[openssl-dev] [openssl.org #3781] Possible bug

2015-09-02 Thread Emilia Käsper via RT
I am afraid that there is not enough information here to diagnose the problem. We'd need to see a more detailed trace and/or the ClientHello contents. This could be https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291, which was fixed in 1.0.2b, but I can't tell.

Re: [openssl-dev] Minor bug in custom TLS extensions

2015-09-02 Thread Matt Caswell
On 02/09/15 15:50, Bill Cox wrote: > As for the order issue, we parse headers before creating any, so I'll > just not add the header in the AddCallback if s->hit is set on the > server side. This should behave well long term, I think. Except that in master (i.e. version 1.1.0) you will not be

Re: [openssl-dev] Minor bug in custom TLS extensions

2015-09-02 Thread Bill Cox
On Wed, Sep 2, 2015 at 7:55 AM, Matt Caswell wrote: > > > On 02/09/15 15:50, Bill Cox wrote: > > As for the order issue, we parse headers before creating any, so I'll > > just not add the header in the AddCallback if s->hit is set on the > > server side. This should behave