Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

e protocol version of the > > SSL_SESSION. > > That sounds fairly reasonable. I suggest raising a github pull request > to add the accessor (or just an issue if you prefer). Done; see: https://github.com/openssl/openssl/pull/1135 Thanks, TJ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

out more of the session data (e.g. the master key) than I'd wanted. Thus I ended up writing my own code for printing out the fields of the SSL_SESSION which I thought would be of interest -- including the protocol version of the SSL_SESSION. Cheers, TJ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

wever, I don't see an equivalent accessor in the 1.1.x APIs. Have I missed something, or does such a thing not exist yet? Cheers, TJ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4327] SSL_CTX_use_serverinfo_file() causes issues for SSL_CTX with multiple certs

properly. See: https://github.com/openssl/openssl/issues/719 Cheers, TJ -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4327 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4205] Improve the default TLS session ticket key

The default TLS session ticket key used by OpenSSL uses AES128-CBC-SHA256; considering the security offered by newer ciphersuites, the TLS session ticket key algorithm should be updated/improved, at least to AES256-CBC-SHA256. See: https://github.com/openssl/openssl/issues/514 Cheers, TJ

Re: seems openssl version 1.0.1g also infected

On 14/04/14 10:42, LOKESH JANGIR wrote: I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I The oldest still-supported Ubuntu version - 10.04 Lucid Lynx - ships with: apache2.2-bin (2.2.14-5ubuntu8.13) [security] Hi Fedor, Thanks for the reply. My httpd path is /usr/sbin/

FIPS mode: failure during build-test of shared library: FIPS_check_incore_fingerprint:fingerprint does not match

I'm working with the Debian/Ubuntu openssl package for Ubuntu 13.10, Saucy, version 1.0.1e. I'm trying to adapt the Debian package-build to produce a FIPS-linked openssl. I've followed the procedure to download, build and install the FIPS canister v2.0.1 which was successful: $ ../../openssl-f

Re: Session resumption

timeout is 300 seconds. Cheers, TJ ~ Solitude vivifies; isolation kills. -Joseph Roux ~

PKCS#7 enveloped objects and ciphers

Or, most likely, I am missing something. =) Cheers, TJ Absence is to love what wind is to fire: it extinguishes the small, it enkindles th

OpenSSL and PKCS#9's signingDescription

Are there any plans to add PKCS#9's signingDescription attribute to OpenSSL's repertoire? Cheers, TJ This truth - to prove, and make thine own: "Thou hast been, shalt be, art, alone.&quo

[openssl.org #268] Very minor documentation patch

In the doc/openssl.txt document in openssl-0.9.7beta2, there is a very minor mistake in an example subjectAltName line in the config file: --- openssl.txt Tue Sep 19 17:50:25 2000 +++ /home/tj/openssl.txtSun Sep 1 22:08:10 2002 @@ -344,7 +344,7 @@ Examples: -subjectAltName

Re: Compression BIO

jaltma>What benefit is there to this over the ZLIB support already jaltma>in the TLS transport? It was intended to be another tool in the BIO collection, for applications that would like to make use of OpenSSL, but not necessarily for TLS transpor

Compression BIO

with this code from here? Cheers, TJ ~~~ The worst solitude is to be destitute of sincere friendship. -Francis Bacon