On Thu, Jun 19, 2014 at 08:52:43PM -0700, Kyle Hamilton wrote:
> Reasons include "how
> to identify when being called by an httpd that could be named anything",
Sorry, by "Apache", I meant any service that returns an unrecognized
name warning alert from the SNI callback, not specifically Apache.
On 6/18/2014 7:24 AM, Viktor Dukhovni wrote:
> That's the code I saw. Should OpenSSL do Apache a favour and not send
> a warning alert anyway, when the extension callback is the SNI callback?
Uh... this wouldn't even remotely be a good idea. Reasons include "how
to identify when being called by
I am pleased to announce the addition of Emilia Kasper to the OpenSSL
team (see https://www.openssl.org/about/).
This brings us up to twelve active team members and adds some strong
cryptographic skills.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adams
On 6/19/2014 11:19 AM, Jeffrey Walton wrote:
...
CCM is probably the oldest of the three, its more complicated, and its
offline (you have to have all data beforehand - you cannot stream data
into it).
Personally, I don't care about GCM's parallelizability because I
require all data to be authent
On Wed, Jun 18, 2014 at 12:45:20PM -0700, Steve Bush wrote:
> I downloaded openssl-0.9.8y and 0.9.8za
>From openssl.org, or from a vendor patched package?
> and looked at all the changes and in ssl/s3_enc.c and ssl/t1_enc.c, the
> following lines were added in 0.9.8za to the "int ssl3_alert_code
On Wed, Jun 18, 2014, Steve Bush wrote:
>
> I downloaded openssl-0.9.8y and 0.9.8za and looked at all the changes and in
> ssl/s3_enc.c and ssl/t1_enc.c, the following lines were added in 0.9.8za to
> the "int ssl3_alert_code(int code)" and "int tls1_alert_code(int code)"
> functions to handle SS
Hey, thanks Jeff !
I also inadvertently found an interresting article of a certain M. J. W. ...
;-)
I should have read more carefully :
http://www.codeproject.com/Articles/34380/Authenticated-Encryption
particularly when it states : "It is up to the receiver to determine
whether to accept a tag
On Thu, Jun 19, 2014 at 4:48 AM, Michel wrote:
> Ok, I have missed that point (and probably many others...)
> I need to go deeper to better understand things,
> and I am grateful for your explanations.
If AEAD schemes are your thing, then you might take a look at David
Wagner's http://www.cs.berke
Ok, I have missed that point (and probably many others...)
I need to go deeper to better understand things,
and I am grateful for your explanations.
Le 18/06/2014 20:25, Thulasi Goriparthi a écrit :
In the test program, you are feeding a fixed ccm_tag to decryption
process. This will not work fo
Follow-up:
I downloaded openssl-0.9.8y and 0.9.8za and looked at all the changes and in
ssl/s3_enc.c and ssl/t1_enc.c, the following lines were added in 0.9.8za to the
"int ssl3_alert_code(int code)" and "int tls1_alert_code(int code)" functions
to handle SSL_AD_UNRECOGNIZED_NAME
I just confir
It may be that Apache has an issue as well, however, the changed behavior
specifically occurred when we upgraded from openssl-0.9.8u to openssl-0.9.8za.
There was no change to any other aspect of our apache test installations.
Here's how the scenario unfolded:
1. Our product includes an Apa
11 matches
Mail list logo