RE: Query regarding SSLv23 methods

2014-11-14 Thread Vaghasiya, Nimesh
Hi, Thanks for the info. (a typo in previous mail). Could you please confirm whether following will ensure my SSLv23 methods will no more accept SSLv3 and SSLv2 connections? conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); SSL_CTX_set_options(conn->ssl_ctx,

SSL_accept creating latency ?

2014-11-14 Thread Thirumal, Karthikeyan
Folks I noticed that in certain cases - SSL_accept call gets hung forever and I had to restart my process to fix the issue. I also observe that the SSL_accept creates some latency, is that possible and if any one of you faced these problems before? If so, can you please suggest what could be

Re: CRYPTO_malloc_init()

2014-11-14 Thread Patrice Guérin
Hello Michael, Thank you very much for your help. I will rebuild OpenSSL for static linking and use it in my program. Kind regards, Patrice. Michael Wojcik wrote: From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Patrice Guérin Sent: Wednesday, 12

RSA enveloping

2014-11-14 Thread Johannes Auer
Hi, I am using EVP_SealInit() for enveloping. Is it possible to create me encrypted session keys with the EVP interface *after* encrypting the main data? Or do I have to use the low level RSA interface? Greetings, Johannes

TLS 1.2 with Suite B

2014-11-14 Thread Fredrik Jansson
Hi! I am trying to force my TLS 1.2 connection into Suite B mode, but at handshake I get an error no shared cipher. The server code is basically: SSL_CTX_new(TLSv1_2_server_method()); //ECDSA cert is added to the ctx SSL_CTX_use_certificate(ctx_, serverCert.cert.get())

Re: TLS 1.2 with Suite B

2014-11-14 Thread Dr. Stephen Henson
On Fri, Nov 14, 2014, Fredrik Jansson wrote: Hi! I am trying to force my TLS 1.2 connection into Suite B mode, but at handshake I get an error no shared cipher. The server code is basically: SSL_CTX_new(TLSv1_2_server_method()); //ECDSA cert is added to the ctx

Re: TLS 1.2 with Suite B

2014-11-14 Thread Fredrik Jansson
Hi! Thanks! I am using 1.0.2b3 on both server and client, and I have the call to SSL_CTX_set_ecdh_auto, but still no luck. The exact code is as follows: void initialize(TLSSettings const settings) { ctx_ = SSL_CTX_new(TLSv1_2_server_method()); if (!ctx_) {

Re: TLS 1.2 with Suite B

2014-11-14 Thread Dr. Stephen Henson
On Fri, Nov 14, 2014, Fredrik Jansson wrote: Hi! Thanks! I am using 1.0.2b3 on both server and client, and I have the call to SSL_CTX_set_ecdh_auto, but still no luck. The exact code is as follows: void initialize(TLSSettings const settings) { ctx_ =

Question on DTLS patch availability

2014-11-14 Thread Brian Hassink
Hi, I was wondering which release(s) the patches for bug 3470, 3483, and 3489 are scheduled for? http://rt.openssl.org/Ticket/Display.html?id=3470 http://rt.openssl.org/Ticket/Display.html?id=3483 http://rt.openssl.org/Ticket/Display.html?id=3489 Internally, we have an arcane policy that

RE: Question on DTLS patch availability

2014-11-14 Thread Salz, Rich
I was wondering which release(s) the patches for bug 3470, 3483, and 3489 are scheduled for? As nobody from the openssl dev team has commented on this (other than a question from drH), the only conclusion right now is: no current plan. Sorry.

Looking for an updated programming book...

2014-11-14 Thread Philip Prindeville
Hi. I’ve been using the O’Reilly “Network security with OpenSSL” book, but it’s showing its age. It was published in 2002 and covered version 0.9.7. Since then a lot of RFCs have been published, weaknesses reported and fixed, new functionality added… It’s time to give up my beloved book for

RE: Looking for an updated programming book...

2014-11-14 Thread Salz, Rich
Ivan Ristic's https://www.feistyduck.com/books/bulletproof-ssl-and-tls/ is really really good. But it's more about configuration and the command-line than the API. Ivan's the force behind the Qualys SSL test site.

Application Protocol Layer Negotiation (APLN) support

2014-11-14 Thread parthy_chandraseka...@trendmicro.com
Hi, The release notes for OpenSSL 1.0.2 [beta] says that it supports APLN: https://www.openssl.org/news/openssl-notes.html http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691 But the CHANGES file for 1.0.2-beta3 doesn't mention it. However this

Re: Looking for an updated programming book...

2014-11-14 Thread Casey Dunham
Hi Phillip, I am currently looking at updating the openssl wiki with a list of books and resources. I have only just begun collecting information on this, but I would love to know of anything you find or are using. Thanks, Casey On Fri Nov 14 2014 at 3:10:12 PM Salz, Rich rs...@akamai.com

Compile 1.0.1j on Win8.1 with capi

2014-11-14 Thread Derek Cole
Hello, I am noticing that when I install the OpenSSL bundle from http://slproweb.com/products/Win32OpenSSL.html The lib folder gets a lot of .lib files in it that are corresponding to the engines such as capi.lib How can I compile OpenSSL to generate those same lib files? Is it simply a matter

Re: TLS 1.2 with Suite B

2014-11-14 Thread Fredrik Jansson
Hi Steve, thanks for helping out! The server cert is P-256 and the CA is P-384, please see below. Is that ok? Fredrik openssl x509 -noout -text -in server-secp256r1-cert.pem Certificate: Data: Version: 1 (0x0) Serial Number: 3 (0x3) Signature Algorithm:

Schanner secu

2014-11-14 Thread Gilles Vollant
Microsoft just published a patch on their SChannel component (KB 2992611 ) https://technet.microsoft.com/library/security/MS14-066 But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a / 1.0.0b ! If you

Re: Query regarding SSLv23 methods

2014-11-14 Thread Kurt Roeckx
On Fri, Nov 14, 2014 at 06:35:51AM +, Viktor Dukhovni wrote: On Fri, Nov 14, 2014 at 06:26:24AM +, Vaghasiya, Nimesh wrote: [ It is rude to ask user questions on the dev list (moved to Bcc). ] We are in process of disabling SSLv3 and SSLv2 protocols from all of our FreeBSD based

Re: TLS 1.2 with Suite B

2014-11-14 Thread Dr. Stephen Henson
On Fri, Nov 14, 2014, Fredrik Jansson wrote: Hi Steve, thanks for helping out! The server cert is P-256 and the CA is P-384, please see below. Is that ok? That is but this isn't: Signature Algorithm: ecdsa-with-SHA1 The signing digest needs to match the curve. So if you sign

Re: Compile 1.0.1j on Win8.1 with capi

2014-11-14 Thread Derek Cole
Just to add some more information - When I do my nmake -f ms\ntdll.mak command, I do end up with some out32dll.dbg and out32.dbg directories in my source folders, and if I browse to the out32.dbg folder and do openssl engine I do get some output: $ ../out32.dbg/openssl.exe engine (rdrand) Intel

An example of website now incompatible with openssl 1.0.0a

2014-11-14 Thread Gilles Vollant
try run curl -k https://www.poweradmin.com/ If you use curl with openssl 1.0.0a or 1.0.0b, you'll get curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list

Re: Query regarding SSLv23 methods

2014-11-14 Thread Kyle Hamilton
SSL_OP_* are bitmasks. SSL_CTX_set_options(conn->ssl_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3); -Kyle H On 11/14/2014 12:37 AM, Vaghasiya, Nimesh wrote: Hi, Thanks for the info. (a typo in previous mail). Could you please confirm whether following will ensure my SSLv23 methods will no

CMS question on encrypting and signing

2014-11-14 Thread Philip Prindeville
Hi. I’m working on an application that requires datagrams of ASN.1 PDU’s to be exchanged. The application data needs to be first encrypted, then signed. I will not be using streams, but rather memory BIO’s. I could use the CMS_encrypt() into one BIO, then reset that and pass it as input to