RE: OpenSSL 1.0.1j - HP

2014-10-22 Thread Michael Wojcik
Yes. It's the liberal use of the C99 inline keyword introduced by Andy Polyakov in the commit Kyle linked to. That also broke the build on AIX, if you're using an older version of IBM's XLC compiler. (We're using XLC 9.) On AIX, the fix was to add -qkeyword=inline to the cflags portion of the

RE: OpenSSL 1.0.1j - HP

2014-10-22 Thread Salz, Rich
Use of inline was basically a mistake that slipped through. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

Re: SSL_MODE_SEND_FALLBACK_SCSV option

2014-10-22 Thread Jakob Bohm
On 21/10/2014 16:05, Florian Weimer wrote: * Jakob Bohm: The purpose of the option is to make totally broken applications a bit less secure (when they happen to certain servers). From my I meant “a bit less insecure”, as Bodo pointed out. OK, point already taken. point of view, there is

RE: OpenSSL 1.0.1j - HP

2014-10-22 Thread LeSieur, Rajshree
Thank you for the information. I tried the -Dinline and unfortunately used double quotes and it did not work. The link with the workaround actually got me past the build issues. I agree the use of inline was probably not a good idea. Perhaps in the next build it will be resolved. Thanks,

unable to use ECDHE_ECDSA_NULL_SHA ?

2014-10-22 Thread Nat Brown
i'm using openssl 1.0.1j 15 Oct 2014 s_client and s_server to test out TLS and DTLS with ECDHE, e.g. s_server -dtls1 -accept 8000 -cert ecdsa_cert.pem -key ecdsa_key.pem -cipher ECDHE-ECDSA-AES256-SHA and s_client -dtls1 -connect localhost:8000 -cipher ECDHE-ECDSA-AES256-SHA this works great

Re: unable to use ECDHE_ECDSA_NULL_SHA ?

2014-10-22 Thread Viktor Dukhovni
On Wed, Oct 22, 2014 at 09:34:25AM -0700, Nat Brown wrote: OpenSSL s_server -accept 8000 -cert ./ecdsa_cert.pem -key ecdsa_key.pem -cipher ECDHE_ECDSA_NULL_SHA Underscores are not hyphens. Try -cipher ECDHE-ECDSA-NULL-SHA -- Viktor.

Re: unable to use ECDHE_ECDSA_NULL_SHA ?

2014-10-22 Thread Nat Brown
argh, right you are, even on my keyboard they are different - thanks. for the record s_server -dtls1 -accept 8000 -cert ./ecdsa_cert.pem -key ecdsa_key.pem -cipher ECDHE-ECDSA-NULL-SHA works just fine with s_client -dtls1 -connect localhost:8000 -cipher ECDHE-ECDSA-NULL-SHA worth noting that

Confused about argument dsa to DSA_sign()

2014-10-22 Thread Erik Leunissen
Hi all, The documentation of DSA_sign(3) says: DSA_sign() computes a digital signature on the len byte message digest dgst using the private key dsa ... The formulation the private key dsa confuses me because: - the variable dsa is of type pointer to struct DSA, where the struct has