[openssl-dev] recent EC_PRE_COMP changes

2016-01-25 Thread Billy Brumley
https://github.com/openssl/openssl/commit/3aef36ffef89849348049296892327e6fdf9d705 That commit caused EC_PRE_COMP to lose a lot of generality. Was a function pointer approach like below considered? I'm not trying to resurrect EC_EXTRA_DATA, but a *little* flexibility would be nice. BBB diff

Re: [openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

2016-01-25 Thread Dmitry Belyavsky via RT
Dear Rich, On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT wrote: > We are working on full IPv6 support and it will appear in the next release. > Do you mean 1.1.0? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing

Re: [openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

2016-01-25 Thread Dmitry Belyavsky
Dear Rich, On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT wrote: > We are working on full IPv6 support and it will appear in the next release. > Do you mean 1.1.0? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing

Re: [openssl-dev] ECDH engine

2016-01-25 Thread Douglas E Engert
When I started to write the ECDSA code for engine_pkcs11 in 2011 the code to support the method hooks was not in the code. So I used internal OpenSSL header files to copy the ECDSA_METHOD and replace the function needed. Look for "BUILD_WITH_ECS_LOCL_H" in libp11.

[openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

2016-01-25 Thread Rich Salz via RT
We are working on full IPv6 support and it will appear in the next release. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4270] OpenSSL 1.0.1 Installation bug

2016-01-25 Thread Josh D via RT
This was the result after a make report command. Is it a linking error on my part? testlog Description: Binary data

Re: [openssl-dev] s_client version 1.1 fails to handshake to s_server when -nocert option

2016-01-25 Thread Viktor Dukhovni
> On Jan 10, 2016, at 8:39 AM, Michel wrote: > > but NOT with version 1.1-pre : > openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH" > openssl s_client -cipher "ALL:eNULL:@STRENGTH" > Try: -cipher "ALL:eNULL:@STRENGTH:@SECLEVEL=0" The default security

Re: [openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-25 Thread Daniel Kahn Gillmor
On Mon 2016-01-25 13:51:11 -0500, Viktor Dukhovni wrote: > On Mon, Jan 25, 2016 at 06:42:02PM +, Kurt Roeckx via RT wrote: > >> On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote: >> > I would like to request that support be added to OpenSSL to enable >> > client

Re: [openssl-dev] s_client version 1.1 fails to handshake to s_server when -nocert option

2016-01-25 Thread Michel
Thank you very much for your answer Viktor ! It works, using : openssl s_server -nocert -cipher "ALL:@STRENGTH:@SECLEVEL=0" openssl s_client -cipher "ALL:@STRENGTH:@SECLEVEL=0" I was able to handshake a "AECDH-AES256-SHA" cipher. :-) I will try to investigate deeper around the SECLEVEL=... keyword

Re: [openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-25 Thread Viktor Dukhovni
On Mon, Jan 25, 2016 at 06:42:02PM +, Kurt Roeckx via RT wrote: > On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote: > > Hi, > > > > I would like to request that support be added to OpenSSL to enable client > > applications to make use of TCP Fast Open > >

Re: [openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-25 Thread Kurt Roeckx via RT
On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote: > Hi, > > I would like to request that support be added to OpenSSL to enable client > applications to make use of TCP Fast Open > (https://tools.ietf.org/html/rfc7413 ) > when

[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-25 Thread Sara Dickinson via RT
Hi, I would like to request that support be added to OpenSSL to enable client applications to make use of TCP Fast Open (https://tools.ietf.org/html/rfc7413 ) when initiating the TLS handshake on Linux (TCP Fast Open is available in Linux kernel >

Re: [openssl-dev] s_client version 1.1 fails to handshake to s_server when -nocert option

2016-01-25 Thread Viktor Dukhovni
> On Jan 25, 2016, at 11:36 AM, Michel wrote: > > Thank you very much for your answer Viktor ! > It works, using : > openssl s_server -nocert -cipher "ALL:@STRENGTH:@SECLEVEL=0" > openssl s_client -cipher "ALL:@STRENGTH:@SECLEVEL=0" > I was able to handshake a

Re: [openssl-dev] s_client version 1.1 fails to handshake to s_server when -nocert option

2016-01-25 Thread Michel
I just found the man about setting the security level which is very helpful. May I suggest that a link be added to the 'see also' paragraph of the ciphers documentation ? From https://www.openssl.org/docs/manmaster/apps/ciphers.html To

[openssl-dev] Forthcoming OpenSSL releases

2016-01-25 Thread Mark J Cox
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2f, 1.0.1r. These releases will be made available on 28th January between approx. 1pm and

[openssl-dev] [openssl.org #4269] Extend ECDH tests to more curves. Add more ECDH KATs.

2016-01-25 Thread Billy Brumley via RT
https://github.com/openssl/openssl/pull/587