On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote:
> > RC4 in LOW has a bit of pushback so far. My cover for it is that the
> > IETF says "don't use it." So I think saying "if you want it, say so" is
> > the way to go.
>
> I think that's the correct position. People who want
On Wed, Feb 11, 2015 at 03:30:57AM +, Salz, Rich wrote:
> > By all means, don't use it, but it is not OpenSSL's choice to make by
> > breaking
> > the meaning of existing interfaces.
>
> Except that we've explicitly stated we're breaking things with this new
> release.
>
> Those magic ciph
> By all means, don't use it, but it is not OpenSSL's choice to make by breaking
> the meaning of existing interfaces.
Except that we've explicitly stated we're breaking things with this new release.
Those magic cipher keywords are point-in-time statements. And time has moved
on.
_
On Wed, Feb 11, 2015 at 12:22:44AM +, Salz, Rich wrote:
> RC4 in LOW has a bit of pushback so far. My cover for it is that
> the IETF says "don't use it." So I think saying "if you want it,
> say so" is the way to go.
By all means, don't use it, but it is not OpenSSL's choice to make
by bre
On Tue, Feb 10, 2015 at 06:17:38PM -0500, Daniel Kahn Gillmor wrote:
> On Tue 2015-02-10 16:15:36 -0500, Salz, Rich wrote:
> > I would like to make the following changes in the cipher specs, in the
> > master branch, which is planned for the next release after 1.0.2
> >
> > Anything that uses RC4
> currently, this is an error:
>
> 0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER
> bash: !NO-SUCH-CIPHER: event not found
> 0 dkg@alice:~$
Yeah, but that's coming from bash, not openssl :)
; openssl ciphers -v ALL | wc
111 6758403
; openssl ciphers -v ALL:!FOOBAR | wc
111
On 10/02/15 21:16, Tom Francis wrote:
> I think Jakob’s real concern (as expressed to me off-list a month or so ago)
> is that OpenSSL’s libcrypto will become entirely hidden. I found several of
> his comments confusing until he mentioned that. So, I think the fair
> question to be asking is
> Is there any plan to make libcrypto go completely opaque, such that _only_
> the APIs exposed in libssl will be available?
Absolutely not.
Thanks for asking!
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/opens
On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote:
> I would like to make the following changes in the cipher specs, in the master
> branch, which is planned for the next release after 1.0.2
>
> Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
Note, that RC4 is alre
I think Jakob’s real concern (as expressed to me off-list a month or so ago) is
that OpenSSL’s libcrypto will become entirely hidden. I found several of his
comments confusing until he mentioned that. So, I think the fair question to
be asking is:
Is there any plan to make libcrypto go comple
I would like to make the following changes in the cipher specs, in the master
branch, which is planned for the next release after 1.0.2
Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
Anything that was 40-bit encryption is removed:
/* Cipher 03 "EXP-RC4-MD5" removed */
/* Ci
On 10/02/15 15:31, Sec_Aficionado wrote:
> Matt,
>
> Thanks for keeping me honest! I see it now, but I totally missed it before. I
> must have just played with the cli and not read the full page.
>
> Can you please confirm that EVP is the way to go? I'll create my own little
> PHP extension s
Matt,
Thanks for keeping me honest! I see it now, but I totally missed it before. I
must have just played with the cli and not read the full page.
Can you please confirm that EVP is the way to go? I'll create my own little PHP
extension since I only need a very specific action.
Thanks for your
Which distro?
>>
OS is Red Hat Enterprise Linux Server release 6.5
OpenSSL Version :1.0.1e
All of the above are vendor specific patches (probably based on original
OpenSSL commits). However I don't know from the name what dtls-ecc-ext
is referring to. You would need to address your s
On 10/02/15 14:09, Sec_Aficionado wrote:
> Ah, thank you! I tried a lot of things and was very frustrated. I wish the
> documentation reflected that. I'll see if I can contribute by updating it.
It does:
https://www.openssl.org/docs/apps/enc.html
"The enc program does not support authenticated
Ah, thank you! I tried a lot of things and was very frustrated. I wish the
documentation reflected that. I'll see if I can contribute by updating it.
Regarding AES-GCM from the command line, or PHP bindings, is that something
that any of the OpenSSL components support? I think EVP is the intende
16 matches
Mail list logo
