In our haste to help, the secure memory allocation patch we posted last week
had two issues. First, it wasn’t easy to use. We knew that, and tried to set
expectations accordingly. Second, it wasn’t really secure enough. We didn’t
know that, and we thank everyone who brought it to our attention.
Yes, your client is vulnerable. Which IP to connect to is governed by your
application, and IP addresses can be falsified, so it is very much possible
your client connects to a malicious server.
-ag
--
sent via 100% recycled electrons from my mobile command center.
> On Apr 11, 2014, at 8:32 A
Possibly too Postelian, OpenSSL answers a received heartbeat request
(and thus before the fix answers a malicious request with leaked data)
even if the heartbeat extension was negotiated off.
Only the build option to exclude the code stops it.
OpenSSL will *send* hb request only if/after nego
> From: owner-openssl-us...@openssl.org On Behalf Of chetan
> Sent: Monday, April 14, 2014 00:42
> xxx.c is my program file.
> So, I'm compiling simply like "cc xxx.c".
> I am getting [undefined reference]
This is basic C programming. Whenever you link (not just compile) a C
program that uses a
Stephan,
It depends on how pedantic your clients are. If you aren't rekeying,
it shouldn't matter, though.
X.509 has a "Subject" and an "Issuer". The Issuer of a certificate is
the Subject of the certificate which private key was used to sign it.
If the Issuer doesn't change, then the matching
OK, sorry about the spam; the keys have a different header and
googling it around found that:
"BEGIN RSA PRIVATE KEY is PKCS#1 and is just an RSA key. It is essentially
just the key object from PKCS#8, but without the version or algorithm
identifier in front. BEGIN PRIVATE KEY is PKCS#8 and
Hello All,
Please bear with me, but could someone explain the following exercise result?
How can a different private key generate the same public key?
Basically I started a new VM and installed Ubuntu 13. Configured SSL and
ran the heartbleed script that is available in the wild.
After a few pac
Call me wimpy, but after six hours of fighting the compiling process, I went
with the slproweb binary. New certificates are also in place. Thanks for the
help--I'm no longer bleeding!
==
Aaron Bahmer
Director, Instructional Technology
Eastern Wyoming College
http://ewc.wy.edu | (307) 532-8284
1-
It appears that the NIST NVD entry for CVE-2010-5298 may be incorrect. This
issue seems to affect 1.0.0+. Nothing earlier - specifically 0.9.8, correct?
Thanks for the sanity check.
__
OpenSSL Project
This thread have any relevance to you?
http://stackoverflow.com/questions/12885680/pem-read-rsaprivatekey-returns-illegal-seek-when-decrypting-using-openssl-libs
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of hhachem
First of all, what system are you using?
_
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of
laxminarayana.ganes...@maersk.com
Sent: Tuesday, April 15, 2014 1:40 AM
To: openssl-users@openssl.org
Subject: help upgrading to 1.0.1g
Hi Team,
Strace shows the following before the error:
ioctl(10, TCGETS, 0x7fffe068) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30026000
_llseek(0xa, 0, 0, 0x7fffe2f8, 0x1) = -1 ESPIPE (Illegal seek)
--
View this message in context:
http://openssl.6
Hello,
I have an issue that I've been trying to resolve for weeks now. I have 2
devices. The major difference between them is the Linux kernel version. On
Linux 2.6.24.6, ssl_connect() works flawlessly. On 2.4.21 it returns -1. The
SSL_get_error() returns SSL_ERROR_SYSCALL but errno is 0 (perror()
Hi Team,
Please provide me steps to download and upgrade to 1.0.1g.
Thanks in advance
Regards,
LaxmiNarayana
System Specialist, MDS - Operations
Maersk Drilling IT
Maersk Drilling, Maersk FPSOs, Maersk Supply Service
A.P. Moller - Maersk A/S
286/1, Prince Infocity, 7th Floor, Old Mahabalipuram ro
>You need to generate a new certificate with the same data (except a
>different serial number and a reference to sha1WithRSAEncryption),
>containing the same public key, and signed with the same private key.
>
>I'd recommend sha256WithRSAEncryption, but that's possibly not an
>option for you.
>
>Ma
On 04/14/2014 03:01 PM, Benjamin Schulz wrote:
>
> Hello,
> The openssl foundation writes here:
>
> https://www.openssl.org/support/acknowledgments.html
>
> ...
>
> So I think the openssl foundation should take some measures that perhaps may
> help to scare intelligence agencies away from o
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Benjamin Schulz
> Sent: Monday, 14 April, 2014 15:01
>
> Could the openssl foundation add official rules that
This list is probably not the place to discuss this at any length, but I for
one find the
On 15 April 2014 05:40, chetan wrote:
> Thanks to you...it's working.
> Now I have one last query for you.
> I'm generating public and private key files using command line openssl. I
> generated 2 .PEM files each for public and private key.
> Now I want to generate shared secret from that files us
You need to generate a new certificate with the same data (except a
different serial number and a reference to sha1WithRSAEncryption),
containing the same public key, and signed with the same private key.
I'd recommend sha256WithRSAEncryption, but that's possibly not an
option for you.
Make sure
I don't know the answer to your main question, but:
On Tue, 15 Apr 2014 10:41:20 +0200
steff...@gmx.de wrote:
> I need to change this to sha1 because I have clients that do not
> accept md5 anymore.
If you use SHA256 you won't have to do this again in a few years.
(Microsoft announced to depreca
Hello world,
I am running my own little CA and the root certificate was created using md5:
Signature Algorithm: md5WithRSAEncryption
I need to change this to sha1 because I have clients that do not accept md5
anymore. Is there any way to convert the existing cert from md5 to sha1 ? I
tried co