Is it necessary to load aesni-intel module like 'modprobe aesni-intel' ?
Loading this module makes no difference in openssl speed output.
openssl speed -elapsed -evp aes-128-cbc
before loading aesni-intel module
type 16 bytes 64 bytes256 bytes 1024 bytes 8192
bytes
The Linux kernel module isn't necessary for OpenSSL.
--
Erwann ABALEA
Le 07/11/2013 06:48, sarav.sars a écrit :
Is it necessary to load aesni-intel module like 'modprobe aesni-intel' ?
Loading this module makes no difference in openssl speed output.
From
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/ch03s02s03.html
check with root running openssl engine -c -tt
Carl
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf
Hello,
there are two sets of DH parameters, that is the difference?
./crypto/dh/dh2048.pem
./crypto/dh/dh512.pem
./crypto/dh/dh192.pem
./crypto/dh/dh4096.pem
./crypto/dh/dh1024.pem
./apps/dh2048.pem
./apps/dh512.pem
./apps/dh4096.pem
./apps/dh1024.pem
In DH parameters in ./apps there reference
Hello,
there are two sets of DH parameters, is there a difference?
./crypto/dh/dh2048.pem
./crypto/dh/dh512.pem
./crypto/dh/dh192.pem
./crypto/dh/dh4096.pem
./crypto/dh/dh1024.pem
./apps/dh2048.pem
./apps/dh512.pem
./apps/dh4096.pem
./apps/dh1024.pem
In DH parameters in ./apps there reference
openssl = 0.9.8
On 06.11.2013 17:08, Patetta, Nicholas wrote:
Anyone know which version of OPENSSL is needed to support SHA256? Thanks.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Raullen Chai
Sent: Tuesday,
Did a truss on the command and see some srandom error.
kioctl(5, 22528, 0x, 0x) Err#25 ENOTTY
kioctl(5, 22528, 0x, 0x) Err#25 ENOTTY
statx(/dev/srandom, 0x0FFDC3F0, 176, 0) Err#2 ENOENT
This srandom device is currently not
Greetings,
Apologies if this has been covered before, but I couldn't find it in a
search.
I'm trying to deploy FIPS 140 validated crypto to a RHEL 5 box as part of
a FISMA covered project.
I think the relevant policy is
On Wed, Nov 06, 2013, sarav.sars wrote:
Is it necessary to load aesni-intel module like 'modprobe aesni-intel' ?
Loading this module makes no difference in openssl speed output.
openssl speed -elapsed -evp aes-128-cbc
before loading aesni-intel module
type 16 bytes
On 11/07/2013 08:39 AM, Robert W Weaver wrote:
Greetings,
Apologies if this has been covered before, but I couldn't find it in a
search.
I'm trying to deploy FIPS 140 validated crypto to a RHEL 5 box as part
of a FISMA covered project.
I think the relevant policy is
I have an application built across various Unix flavors that uses
OpenSSL for SSL/TLS communication. I wanted to enable FIPS mode for my
application. But, it seems like not all OpenSSL version provides the
FIPS_mode_set wrapper function.
Basically, I want to be able to seamlessly call
On Wed, Nov 06, 2013, Karthik Krishnamurthy wrote:
I have an application built across various Unix flavors that uses
OpenSSL for SSL/TLS communication. I wanted to enable FIPS mode for my
application. But, it seems like not all OpenSSL version provides the
FIPS_mode_set wrapper function.
Steve Marquess marqu...@opensslfoundation.com wrote on 11/07/2013
09:02:05 AM:
Is there a basis for asserting FIPS 140 validation with
openssl-0.9.8e-26.el5_9.1|(none), or must the original RPM be used?
You'll need to ask Red Hat; it's their proprietary validation. From a
quick glance it
Hello list,
how can I read the details of a public key written by
PEM_write_RSAPublicKey()? I have tried all the openssl pkey and openssl
rsa combinations without much success, unfortunately.
Thanks in advance,
Dimitris
__
On Thu, Nov 07, 2013, Dimitrios Apostolou wrote:
how can I read the details of a public key written by
PEM_write_RSAPublicKey()? I have tried all the openssl pkey and
openssl rsa combinations without much success, unfortunately.
If possible you should use PEM_write_RSA_PUBKEY instead.
Hello,
I'm having quite weird problem with openssl (head version). I'm doing
following test:
Step 1:
./openssl s_client -connect some.server.org:443 -cipher DEFAULT
I'm getting following error:
CONNECTED(0003)
140453250619072:error:140790E5:SSL routines:ssl23_write:ssl handshake
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote:
I am using SSL_CTX_set_client_cert_cb to provide the client
certificate when needed. I have a problem in that OpenSSL 1.0.1e
does not trigger this callback for all websites that I expect it
to, only some. Instead on the failing
On Thu, 7 Nov 2013, Dr. Stephen Henson wrote:
On Thu, Nov 07, 2013, Dimitrios Apostolou wrote:
how can I read the details of a public key written by
PEM_write_RSAPublicKey()? I have tried all the openssl pkey and
openssl rsa combinations without much success, unfortunately.
If possible you
Hi:
If I set the TLSVerifyClient demand on openldap server side, then I'll got
below error
(set TLSVerifyClient as never/allow/try, I can login, but will have
authentication failure in LDAP log)
LS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read
Hi:
When I use SSL authentication in LDAP client, If I set the TLSVerifyClient
demand on openldap server side, then I'll got below error
(set TLSVerifyClient as never/allow/try, I can login, but will have
authentication failure in LDAP log)
LS trace: SSL3 alert write:fatal:handshake failure
Hi,
We are trying to work with the openssl with the v2.1 and not the v1.5 from the
command line.
But it is not documented anywhere how to tell the openssl to work with one
version or the other.
For example we run the command:
openssl rsautl -sign in sha256.bin -out signature.bin -inkey
To support the (four original) SHA-2 hashes as such, yes.
But: if you want to sign (and I think verify?) SHA2 and DSA or ECDSA,
you need the new signature/hash mechanism in 1.0.0, and if
you want TLSv1.2 suites using HMAC-SHA256/384 you need 1.0.1.
-Original Message-
From:
If you mean the RSA-PSS scheme that was added in PKCS#1 v2.1, that isn't
supported by rsautl.
Try pkeyutl with -pkeyopt rsa_padding_mode:pss .
Remember that the PKCS#1 v2.1 standard still includes the original (v1_5)
and OAEP schemes
which rsautl does support.
The man page and usage
Yes, I need to sign and verify so 1.0.0 or 1.0.1 even better. Thanks so much
for the info.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dave Thompson
Sent: Thursday, November 07, 2013 3:52 PM
To:
On Thu, Nov 07, 2013 at 03:51:38PM -0500, Dave Thompson wrote:
To support the (four original) SHA-2 hashes as such, yes.
But: if you want to sign (and I think verify?) SHA2 and DSA or ECDSA,
you need the new signature/hash mechanism in 1.0.0, and if
you want TLSv1.2 suites using
From: owner-openssl-users On Behalf Of Viktor Dukhovni
Sent: Thursday, November 07, 2013 11:02
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote:
I am using SSL_CTX_set_client_cert_cb to provide the client
certificate when needed. I have a problem in that OpenSSL 1.0.1e
does
Do you still see an error if you specify one cipher? f.e. AES256-SHA?
On 2013-11-07 22:26, Dave Thompson wrote:
From: owner-openssl-users On Behalf Of Viktor Dukhovni
Sent: Thursday, November 07, 2013 11:02
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote:
I am using
I am facing the same issue and getting same error on FreeBED 9.1 as below.
FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not
match:fips.c:232:
Only thing different is I am using openssl-fips-2.0.5. Did anyone get
solution for this problem?
--Girish
--
View this message in
28 matches
Mail list logo