>From: owner-openssl-us...@openssl.org On Behalf Of Leon Brits
>Sent: Sunday, 02 June, 2013 10:11
>I have just created a new CA which has the extension to allow
>client authentication. My previous CA worked fine without this
>extension but some client application now requires that I set it.
Th
> From: owner-openssl-us...@openssl.org On Behalf Of no_spam...@yahoo.com
> Sent: Monday, 03 June, 2013 11:18
> To: openssl-users@openssl.org
> Subject: Re: openssl 1..0.1e -bad sig size 32 32 for DSA 2048 keys
>
> My understanding is that 2048-bit DSA keys (with |q|=256) are
> currently supporte
I've implemented DANE support for Postfix, but want to make the
implementation a bit more robust in the face of possible future
changes in OpenSSL.
I want to use SSL_CTX_set_cert_verify_callback() to how certificate
verification is performed. I need to be able to selectively
add/remove from the
On 6/3/2013 10:47 AM, Schmid Alexander wrote:
Hello,
I would like to raise the question if the (3)DES algorithm of the
openSSL library is safe against attacks using DPA and SPA?
If by DPA and SPA you refer to attacks that try to detect the bits
(key or plaintext) processed from subtle variati
My understanding is that 2048-bit DSA keys (with |q|=256) are currently
supported - at least they seem to be in 1.0.1e and fips-2.0.2. And "by
supported" I mean that they can be 1) generated and 2) used with TLS provided
the signature_algorithms extension is used so that SHA256 can be specified
Gnanasekar R wrote the following:
> Hi,
>
> Has anyone tried using cryptodev driver and seen it to be better than AES
> computation in OpenSSL libs. I instrumented the time using evp_test app and
> see that AES computation using cryptodev is ~1.6ms slower compared to
> running the app without cry
Hello,
I would like to raise the question if the (3)DES algorithm of the openSSL
library is safe against attacks using DPA and SPA?
If yes, from which version on?
Is there an official certification to prove this?
Beste Grüße / Best regards
Alexander Schmid
Thanks for the quick reply.
Since FIPS-140-3 may limit DSA key limit to be not less than 2048, Is there
a chance of 2048 DSA key support in the near future upstream versions of
openssl?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/openssl-1-0-1e-bad-sig-size-32-3
On Mon, Jun 03, 2013, Mithun Kumar wrote:
> Hello Dave,
>
> Does openssl support "S/MIME Capabilities" certificate extension? I think
> openssl is unable to parse this extension.
>
OpenSSL wont choke if the contents of an extension are garbage (i.e. those
within the octet string wrapper). It wi