n "we want a lightweight cipher and NSA gave us
one".
If there is serious demand for more lightweight ciphers in TLS I'd
expect some kind of open and transparent competition like it happened
with AES or SHA3 - or at least some open discussion in CFRG. However I'm
not convinced t
hat I'd find more
concerning is that from what I observed there hasn't been a lot of
research about speck.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
starts with 8 leading zero bits, there'll be a timing signal in
BN_bn2bin. BoringSSL solves
<https://boringssl.googlesource.com/boringssl/+/296a61d6007688a1472798879b81517920e35dff/crypto/fipsmodule/bn/bytes.c#208>
the
latter problem, but not the former.
[1] https://robotattack.org/
On Tue, 5 Dec 2017 19:21:50 +
"Salz, Rich via openssl-dev" wrote:
> There is never any reason to use this in TCP-based TLS;
> that was an OpenSSL bug that enabled it there.
I opened an issue for this bug, so it can be fixed:
https://github.com/openssl/openssl/issues/4856
es the heartbeat extension by default in every clienthello
it sends.
In the whole Heartbleed aftermath nobody was ever able to tell me where
TLS Heartbeats are used. It's a feature in order to have a feature.
Cloudflare etc.) speak up and say that
in the future they'll boycott vendors that deploy such
Internet-breaking devices.
ibraries and applications that use them.
I can't answer on how to best report those bugs, but:
That sounds like interesting research.
Will you make the tool and the corresponding scientific publication
public?
rated.
Hi,
The latest news on the openssl start page is
16-Mar-2016 Beta 1 of OpenSSL 1.1.0 is now available: please download
and test it
However the latest download on /source is
2016-Mar-16 17:43:30 openssl-1.1.0-pre4.tar.gz
Is pre4 supposed to be the same as beta1?
is imho mostly irrelevant in practice.
The difference between the two approaches may become mostly irrelevant
once all major browsers support at least one aead mode with 256 bit,
but I'm not sure if that's going to happen any time soon.
f the (most likely more secure) AES128 in GCM mode.
Can this be changed before 1.1.0 gets out?
current vuln, but I find this risky. It
creates an additional server secret that can leak and bugs in the
elliptic curve key exchange that would be harmless without this feature
could become very severe.
I would therefore propose to do the same change also for ECDH and make
SSL_OP_SINGLE_ECDH_USE
. Not sure about point invalidity. But can
> you open one or two tickets for this?
Done now, RT tickets #4241 and #4242.
inates larger than p.
[1]
https://boringssl.googlesource.com/boringssl/+/38feb990a183362397ebc62774cc07374d146c83%5E%21/#F0
Camellia looks very similar, I doubt it will gain any significant use
even if openssl supported camellia-gcm modes.
lained by that. I'd propose that
OpenSSL doesn't add any new features without a clear explanation of what
advantage they bring in which situation - and who is likely going to
use that feature.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
d not take code from OpenSSL.
In the spirit of making OpenSSL as useful as possible for everyone I
would consider a permissive license that's more compatible (e.g. MIT) a
wiser choice.
crypto breaks on reasonable default
configurations?
cu,
ese days, therefore everything that can be
removed should be.
ch likely won't be backported
anyway), patch should be noncontroversial to apply right away, right?
icket/Display.html?id=3332&user=guest&pass=guest
Fix parallel builds:
https://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
Build fix of 64 bit on 32 bit systems:
https://bugs.gentoo.org/show_bug.cgi?id=542618
https://www.blackhat.com/asia-15/briefings.html#bar-mitzva-attack-breaking-ssl-with-13-year-old-rc4-weakness
cu,
sl.org/pipermail/openssl-dev/2015-January/000421.html
On Tue, 10 Feb 2015 21:15:36 +
"Salz, Rich" wrote:
> Comments?
Sounds good.
I'd further suggest moving everything that's not PFS&AEAD
from HIGH to MEDIUM.
izer.
What's the plan here? Replace openssl's own memory management by
default with "standard" memory management calls or is the plan to
disable the possibility to have standard memory management at all?
If the latter I'd vote against removing that flag.
cu,
p versions
(1.0.2a/b)? I would prefer not having to wait with that till 1.1.0.
cu,
--- openssl-1.0.2-stable-SNAP-20150115/ssl/ssl_ciph.c 2014-12-17 15:01:30.0 +0100
+++ openssl-1.0.2-stable-SNAP-20150115-hash/ssl/
27;t answer whether chacha20-poly1305 or aes-gcm should be
considered "better", but I don't know if there is a clear consensus on
that)
nt code mostly as
it is, just add one further sorting step that will bring GCM ciphers in
front of non-gcm ones.
I think that should give the desired result.
A:AECDH-RC4-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-NULL-SHA:ECDHE-ECDSA-NULL-SHA:AECDH-NULL-SHA:ECDH-RSA-NULL-SHA:ECDH-ECDSA-NULL-SHA:NULL-SHA256:NULL-SHA:NULL-MD5
ingssl and submit them.
cbc if gcm would be available (just
point chrome to https://www.openssl.org to see it).
HonorCipherOrder on
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@STRENGTH
Result: no GCM in chrome/ff, but FS in all ssl labs reference browsers
(and A+ rating).
eally
change the outcome: There are a number of sites probably configured in
good faith with secure settings that result in CBC being preferred over
GCM.
(But good to note that a quick fix is to disable SSLHonorCipherOrder
on affected apache servers)
On Mon, 15 Dec 2014 20:31:53 -0500
"Salz, Rich" wrote:
> Is this a theoretical issue, or have you seen it in widespread use?
www.openssl.org would be an example where you can see it live and
real :-)
ES-256, but only in its less secure mode.
Thoughts?
cu,
't have any impact. I'm
also running my servers without sslv3 (although the openssl there still
supports it, I just disable it in the software configurations).
lly create and use
such dedicated pss keys.
I'm interested: Who has created these certificates and what software
was used there?
On Thu, 1 May 2014 14:29:44 +0200
Kurt Roeckx wrote:
> On Thu, May 01, 2014 at 01:35:19PM +0200, Hanno Böck wrote:
> >
> > Maybe this should teach us a lesson: Adding more and more
> > Workarounds for broken stuff isn't the way to go forward. The way
> > to g
attacks and accidental downgrades
- now there's a proposal for a downgrade protection extension that only
tries to fix a problem we wouldn't have in the first place if people
didn't introduce stupid workarounds for broken stuff)
t likely
there are people asking themselves if they'd better invest their time
in improving openssl or helping out libressl.
So to the openssl devs: Please give some answers.
cu,
he openssl devs create a new beta2 version that includes the
heartbleed fix?
cu,
e defaults. Enabling an extension that
nobody uses shouldn't happen. So the default of that switch should be
"off", unless someone has a convincing argument otherwise. Adding
features "because we can" is not helpful and adds attack surface.
ould think of removing DSA key support, because nobody uses that
anyway and DSA is a bad algorithm.
cu,
e should have for SSL implementations.
of them can be
tested in a reasonable way by the client. (e.g. testing if a prime
really is a prime is not efficiently possible for large key exchanges -
and there are also weak primes)
cu,
://twitter.com/matthew_d_green/status/377946072532140032
https://twitter.com/matthew_d_green/status/377946680395845633
I am not familiar with the details, but want to bring it up for
discussion here. Maybe it should be disabled or at least discouraged in
the docs.
cu,
agree - going to AES-GCM is the only sane solution at the moment
and everyone should migrate as soon as possible - everything else is
really too broken to rely on it for the medium term.
ith
TLSv1.1 and that doesn't require TLS 1.2? Or what would be the correct
ciphersuite string?
I think what's happening here is that !sslv3 disables all cipher suites
that are part of sslv3, including those that are still supported by
tlsv1.1. However, I'm unsure if that's t
e server than on the
initiating client - changing that would be possible only in the TLS
design. Connection limits can help (though they shouldn't be
limited to renegotiation), but it's not really a nice solution.
LS 1.1/1.2
- The interim solution may be just disabling AES and rely on RC4.
So I'd like to repeat my question and hope some of the openssl devs
will answer:
When can we expect a TLS 1.1/1.2 enabled version? What's the status of
openssl 1.0.1?
side of a connection has them or do both
need them to be secure? (the most likely scenario with https is probably
an nss client with an openssl server)
and going to tls
1.1 or 1.2 should fix it.
AFAIK, openssl current release 1.0.0 has no tls 1.2, but the
planned openssl 1.0.1 should have.
Which leads to the question: Is there a planned timeline for a 1.0.1
release and could this be accelerated if the issue turns out to be
serious?
e? Or is this a bug somehow? (tried with
openssl 1.0.0d and current cvs code)
Hi,
I was wondering if openssl CVS head is capable of doing cms signing
with rsa pss. Seems not, openssl cms doesn't recognize the
-sigopt rsa_padding_mode:pss
parameter.
Anyone working on this?
cu,
estimation when an openssl version supporting PSS will be out)
cu,
On Saturday 31 May 2008, Daniel Black wrote:
> On Sat, 31 May 2008 07:13:32 pm Hanno Böck wrote:
> > This patch adds some dependencies to the Makefile targets to allow
> > parallel make to succeed. Please apply.
> >
> > (Patch is taken from Gentoo Linux)
>
> as
This patch adds some dependencies to the Makefile targets to allow parallel
make to succeed. Please apply.
(Patch is taken from Gentoo Linux)
This patch will create the /lib/engines directory if it doesn't exist on
installation. Please apply.
(Patch taken from gentoo linux)
--- openssl-0.9.8/engines/Mak
when it's ready. I'd only like to know if it's something
like "we're shortly before release" or "it'll take years till then" or
something in between.