On Tue, Jan 26, 2016 at 09:37:58PM +, Salz, Rich wrote:
> TFO is interesting because it lets UDP-style attacks happen at the TCP
> level. Normally you can't do a TCP attack unless you have a valid client
> IP address.
>
> Imagine connecting once and then sending the syncookie to the botnet.
Hi Uri,
Let me know if you have any questions about these patches.
Thank you,
Alex.
On Wed, Jan 20, 2016 at 12:49 PM, Douglas E Engert
wrote:
> When I started to write the ECDSA code for engine_pkcs11 in 2011 the code
> to support the method hooks was not
> in the code. So I used internal Op
On Tue 2016-01-26 16:37:58 -0500, Salz, Rich wrote:
> TFO is interesting because it lets UDP-style attacks happen at the TCP
> level. Normally you can't do a TCP attack unless you have a valid
> client IP address.
>
> Imagine connecting once and then sending the syncookie to the botnet.
This sugg
On Tue 2016-01-26 16:37:58 -0500, Salz, Rich wrote:
> TFO is interesting because it lets UDP-style attacks happen at the TCP
> level. Normally you can't do a TCP attack unless you have a valid
> client IP address.
>
> Imagine connecting once and then sending the syncookie to the botnet.
This sugg
In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER
bytes which we then pass thru our own DN validator/formatter. This no longer
works with OpenSSL 1.1 and I don't see any provided method to return the DER
bytes. I don't want a malloc'd copy, I just want read-only access to
Quanah Gibson-Mount wrote:
--On Thursday, January 21, 2016 5:58 PM + Howard Chu
wrote:
In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER
bytes which we then pass thru our own DN validator/formatter. This no
longer works with OpenSSL 1.1 and I don't see any provided
--On Thursday, January 21, 2016 5:58 PM + Howard Chu
wrote:
In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER
bytes which we then pass thru our own DN validator/formatter. This no
longer works with OpenSSL 1.1 and I don't see any provided method to
return the DER by
TFO is interesting because it lets UDP-style attacks happen at the TCP level.
Normally you can't do a TCP attack unless you have a valid client IP address.
Imagine connecting once and then sending the syncookie to the botnet.
This might be outside the scope of things OpenSSL cares about and I k
TFO is interesting because it lets UDP-style attacks happen at the TCP level.
Normally you can't do a TCP attack unless you have a valid client IP address.
Imagine connecting once and then sending the syncookie to the botnet.
This might be outside the scope of things OpenSSL cares about and I k
On Tue, Jan 26, 2016 at 02:17:57PM +, Sara Dickinson via RT wrote:
>
> > On 25 Jan 2016, at 18:42, Kurt Roeckx via RT wrote:
> >
> > On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote:
> >> Hi,
> >>
> >> I would like to request that support be added to OpenSSL to enable c
> Well I don't see an ex_data attached to EC_GROUP or EC_METHOD.
No, do you need those? We can add them.
> When I look at ec_lib.c, pre_comp_type is only being checked in switch
> statements in _free and _dup style wrappers. Seems out of place and oddly
> specific. Just one dude's opinion :)
Th
>> That commit caused EC_PRE_COMP to lose a lot of generality. Was a function
>> pointer approach like below considered? I'm not trying to resurrect
>> EC_EXTRA_DATA, but a *little* flexibility would be nice.
>
> What functionality was lost that isn't available in the public and standard
> EX_DATA
Hello,
I came across a problem while I was creating a certificate.
I tried to set encoding type of the explicitText in Certificate Policies to
utf-8 by prependig a
corresponding tag in my .cnf file, as shown in the following example.
...
userNotice.1=@noticesec1
[ noticesec1 ]
expli
> That commit caused EC_PRE_COMP to lose a lot of generality. Was a function
> pointer approach like below considered? I'm not trying to resurrect
> EC_EXTRA_DATA, but a *little* flexibility would be nice.
What functionality was lost that isn't available in the public and standard
EX_DATA model?
Pull request for RT4272:
https://github.com/openssl/openssl/pull/589
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo
Hello:
When DTLS is disabled in master (./config no-dtls) the corresponding unit tests
fail. The same thing would happen if TLS were disabled. The issue is in the
’TLS Version min/max tests’ and DTLS Version min/max tests’. The skip function
is not called within a SKIP: { } block, causing the t
> On 25 Jan 2016, at 18:42, Kurt Roeckx via RT wrote:
>
> On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote:
>> Hi,
>>
>> I would like to request that support be added to OpenSSL to enable client
>> applications to make use use of TCP Fast Open
>> (https://tools.ietf.org/h
On 21/01/16 17:57, Viktor Dukhovni wrote:
> On Thu, Jan 21, 2016 at 05:33:51PM +, Howard Chu wrote:
>
>> In OpenLDAP we've been using
>> CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX)
>> to manage our own SSL_CTXs but this is not possible with current 1.1. Making
>> the structures op
18 matches
Mail list logo