Re: openssl-1.0.2-beta2

2014-09-02 Thread Jeffrey Walton
> I am using Ubuntu 14.04 server VM and I tried to install OpenSSL 1.0.2, but > the system can’t find it. I added the path to OpenSSL to $PATH, but I still > cannot build Curl with ssl. Should I do some additional linking to the new > OpenSSL version? > Typically you use LD_PRELOAD to ensure a p

Re[2]: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Artem Pylypchuk
Yes, I did it (see my original message - it works with SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1). I'm not having trouble in getting it to work. But, my server also supports SSLv3. And the problem I described is not in the connection being stuck (I only mentioned it as a related bug), but error messages

Re: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 10:52:59PM +0300, Artem Pylypchuk wrote: > Yes, the "stuck connection" bug I mentioned is the "F5 BigIP needs padding > bug" or is very similar to it. > Sorry for the confusing explanation. To disable TLSv1.2 with the associated ciphers and extensions (which increase the

Re[2]: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Artem Pylypchuk
Yes, the "stuck connection" bug I mentioned is the "F5 BigIP needs padding bug" or is very similar to it. Sorry for the confusing explanation.

Re: openssl-1.0.2-beta2

2014-09-02 Thread Artem Pylypchuk
If you're building Curl from source, try ./configure --prefix=/usr --with-ssl=../openssl-1.0.2 This configuration trick applies to any version of openssl or any other library in general. To run your Curl from source directory, set the LD_LIBRARY_PATH or LD_PRELOAD environment variable to point

Re[2]: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Artem Pylypchuk
Well, the (open source) library Kannel gwlib (which is not mine, btw, since I'm not associated with Kannel project) works fine. My project simply uses both Kannel gwlib and openssl. On the other hand, it is not always possible to persuade the proprietary vendors to fix their implementations. I t

openssl-1.0.2-beta2

2014-09-02 Thread Bisera Milosheska
Hi, I am using Ubuntu 14.04 server VM and I tried to install OpenSSL 1.0.2, but the system can’t find it. I added the path to OpenSSL to $PATH, but I still cannot build Curl with ssl. Should I do some additional linking to the new OpenSSL version? Thank you for your answer. Best regards, Bise

RE: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Salz, Rich
Is this the F5 BigIP needs padding bug? Tried to follow all the discussion threads and got lost. -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

Re: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Kyle Hamilton
Why aren't you fixing your library, instead of pushing workarounds into open source? Is there some other vulnerability that you're trying to avoid, or is it a strict compatibility issue? If it's strictly for proprietary compatibility, then you need to get the proprietary vendor to fix its code

Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-02 Thread Artem Pylypchuk
Hello! The patch http://cvs.openssl.org/chngview?cn=22565 does not fix the following error messages at write and session re-negotiation, for TLS_v1_1_client_method: OpenSSL error 1: error:0001:lib(0):func(0):reason(1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number My si

Re: Hi, I cross compiled OpenSSL for android with the FIPS compliant part, i get error 2D06B06F on FIPS_mode_set()

2014-09-02 Thread Kyle Hamilton
Create the FIPS library from the openssl-fips package, then build a release openssl package with the FIPS library you built. You appear to not be building the release package, but I could be wrong. You shouldn't ever use the .a files from the openssl-fips package directly. -Kyle H On September

Re: Problem building the FIPS Capable Library for iOS

2014-09-02 Thread Dr. Stephen Henson
On Fri, Aug 29, 2014, scoleman2272 wrote: > I'm having the same issue. I've followed all of the steps in Appendix E and > in this post but still get the error message. I've also confirmed that > the fips lib is installed at: /usr/local/ssl/Release-iphoneos > > Here's my command line to confi

Hi, I cross compiled OpenSSL for android with the FIPS compliant part, i get error 2D06B06F on FIPS_mode_set()

2014-09-02 Thread Or Barak
I'm using the libcrypto.a and libssl.a static libraries in a JNI shared library (*.so). runtime log prints: OPENSSL_VERSION_TEXT OpenSSL 1.0.1h-fips 5 Jun 2014 SSLeay_version(SSLEAY_CFLAGS) arm-linux-androideabi-gcc --sysroot=/Users/orbarak/android-ndk-r9d/platforms/android-14/arch-arm -DOPENSS