Re: Verisign Problem with smtp tls

2014-01-04 Thread Viktor Dukhovni
On Sat, Jan 04, 2014 at 03:11:16PM -0500, Jeffrey Walton wrote: > > ... A substantive comment that argues that DANE adds > > nothing new to SMTP would begin by explaining in detail how SMTP > > to MX TLS security is possible without DNS data integrity (thus > > making it possible to not trust the

Re: Verisign Problem with smtp tls

2014-01-04 Thread Jeffrey Walton
On Sat, Jan 4, 2014 at 2:42 PM, Viktor Dukhovni wrote: > ... A substantive comment that argues that DANE adds > nothing new to SMTP would begin by explaining in detail how SMTP > to MX TLS security is possible without DNS data integrity (thus > making it possible to not trust the root zone signatu

Re: Verisign Problem with smtp tls

2014-01-04 Thread Viktor Dukhovni
On Sat, Jan 04, 2014 at 07:58:20PM +0100, Michael Ströder wrote: > > While indeed SMTP with DANE TLS relies on DNSSEC to secure the > > MX lookup, it also critically relies on DANE for two additional > > pieces of information: > > > > - Downgrade resistant STARTTLS support signall

Re: Verisign Problem with smtp tls

2014-01-04 Thread Michael Ströder
Viktor Dukhovni wrote: > On Sat, Dec 28, 2013 at 05:56:41PM +0100, Michael Ströder wrote: > >>> http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2 >>> >>> This is why I am working to implement and standardize SMTP with DANE TLS. >> >> DANE itself does not help.

OpenSSL doesn't pass full cert chain

2014-01-04 Thread Fahim
Hello, We are looking for a potential tweak or customization of openSSL for an existing project, and I was wondering if I could get your input. Summary: we want to alter or configure openSSL so that it will pass the entire cert chain for authentication instead of just the first certificate.

Re: Got: error:0408D068:rsa routines:FIPS_RSA_VERIFY:bad signature

2014-01-04 Thread HelenH Zhang
Dr. Henson: I did not specifically set FIPS mode. How do I check whether my code is running at FIPS mode? Thanks Helen From: Dr. Stephen Henson To: openssl-users@openssl.org Sent: Friday, January 3, 2014 9:20 PM Subject: Re: Got: error:0408D068:rsa routine

Open SSL errors increase in Linux compared with Solaris

2014-01-04 Thread Arjunan, Karthikeyan
Hi, We have migrated from openssl-0.9.8a Solaris to Linux version. We find that there is a drastic increase in the SSL_ERROR_SYSCALL in Linux openssl version compared to Solaris. I am using SSL_accept which returns a negative value. The return code for SSL_get_error is 5. Plea