I'm using SSL over non-blocking socket. As a result SSL_shutdown returns
immediately with error code 5 (underlying socket issue), sometimes after
doing this, the program crashes on SSL_CTX_free.
So I was wondering about closing the socket without doing an
SSL_shutdown. Is this safe? Any securi
Hi
> > readelf -d `which openssl` | egrep -i "rpath|ssl|crypto"
> > 0x0001 (NEEDED) Shared library: [libssl.so.1.0.0]
> > 0x0001 (NEEDED) Shared library:
> > [libcrypto.so.1.0.0]
> > 0x001d (RUNPATH)Library runpath:
> > [
On Tue, Apr 7, 2015 at 10:13 PM, wrote:
> On Tue, Apr 7, 2015, at 07:06 PM, Jeffrey Walton wrote:
>> > Setting *FLAGS & rpath, although the openssl binary links correctly
>> > against its own {libcrypto,libssl}.so, the libssl.so links against
>> > *system*,
>> > not its own, libcrypto.
>>
>> You
On Tue, Apr 7, 2015, at 07:06 PM, Jeffrey Walton wrote:
> > Setting *FLAGS & rpath, although the openssl binary links correctly
> > against its own {libcrypto,libssl}.so, the libssl.so links against *system*,
> > not its own, libcrypto.
>
> You can verify the RPATHs are actually present by dumping
> Setting *FLAGS & rpath, although the openssl binary links correctly
> against its own {libcrypto,libssl}.so, the libssl.so links against *system*,
> not its own, libcrypto.
You can verify the RPATHs are actually present by dumping the
DT_RUNPATH section of the ELF executable:
readelf -d |
> I'm not sure if/how SPDY differs from HTTP/2 (other than I know they are
> different but aligned).
I Google just turned off spdy for "official" http/2.
http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html
On Tue, Apr 7, 2015 at 1:15 PM, David Rueter wrote:
>>> Is OpenSSL in its own DLL/DLLs?
>
> Yes, the OpenSSL DLLs libeay32.dll and ssleay32.dll are used, and in fact I
> have updated them to 1.0.2a
>
> Yes, performing my own build on these DLLs is an option, and I may pursue
> it. I just need t
On Tue, Apr 7, 2015 at 1:37 PM, Richard Moore wrote:
> On 7 April 2015 at 17:49, Jakob Bohm wrote:
>>
>> It also appears the HTTP/2.0 draft aka SPDY requires
>> compression to be enabled, though I don't know if that
>> is at the TLS or HTTP level.
>
> HTTP/2 does not require TLS compression. It d
Yes, some others have spoken up so compression at the TLS layer will stay. The
ability to add new compression methods at run-time is likely to go away.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 7 April 2015 at 17:49, Jakob Bohm wrote:
> It also appears the HTTP/2.0 draft aka SPDY requires
> compression to be enabled, though I don't know if that
> is at the TLS or HTTP level.
>
HTTP/2 does not require TLS compression. It does however use its own
compression for headers (hpack) whic
Got it! Thanks for the detailed explanation. I did not realize that the
same ciphers were used by both SSL3 and TLS1. The behavior now makes all
the sense in the world.
Thanks!
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovn
>> Is OpenSSL in its own DLL/DLLs?
Yes, the OpenSSL DLLs libeay32.dll and ssleay32.dll are used, and in fact I
have updated them to 1.0.2a
Yes, performing my own build on these DLLs is an option, and I may pursue
it. I just need to get a Windows dev environment set up to build these.
bump
On Tue, Mar 17, 2015, at 08:22 AM, h15...@mailas.com wrote:
> I'm trying to build a library self-consistent instance of openssl 1.0.2 on
> linux/64.
>
> Setting *FLAGS & rpath, although the openssl binary links correctly against
> its own {libcrypto,libssl}.so, the libssl.so links against
On 07/04/2015 17:09, David Rueter wrote:
You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
Yes, I admit I am not distinguishing between these. However, !SSLv3 in the
cipher list does evidently disable the SSLv3 protocol as well--as evidenced
by testing with https://www.ssllabs.com/
On 07/04/2015 14:52, Salz, Rich wrote:
Jakob,
Thanks very much for the detailed response! I'm still not convinced that
tls-layer compression is a good thing. You seem to be saying it could
possibly be made to work, but ... do I have that view right?
I was merely trying to explain Thomas T
On Tue, Apr 07, 2015 at 08:09:31AM -0700, David Rueter wrote:
> >> You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
>
> Yes, I admit I am not distinguishing between these. However, !SSLv3 in the
> cipher list does evidently disable the SSLv3 protocol as well--as evidenced
> by testi
>> You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
Yes, I admit I am not distinguishing between these. However, !SSLv3 in the
cipher list does evidently disable the SSLv3 protocol as well--as evidenced
by testing with https://www.ssllabs.com/ssltest
Since I don't have source for th
> At the
> very least, you need to measure many encryptions and take the average.
+1 Also look at the openssl speed app.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Amir Reda
> Sent: Tuesday, April 07, 2015 08:50
> I am using Authenticated Encryption AES-GCM. I am trying to calculate the
> processing time for encrypting a data
> message of size 500 bytes
You'll need a pretty hi
Jakob,
Thanks very much for the detailed response! I'm still not convinced that
tls-layer compression is a good thing. You seem to be saying it could
possibly be made to work, but ... do I have that view right?
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichS
Dear all,
I am using Authenticated Encryption AES-GCM. I am trying to calculate the
processing time for encrypting a data message of size 500 bytes
clock_t startEncryption, endEncryption;
double msecs1;
startEncryption = clock();
unsigned char plaintext[500] =
{'f','a','3','1','3',
Sorry, my fault. I wasn't following the instructions, which tell me to look in
the "prefix" tree and there are all the include files nicely together again.
Apologies for time wasting.
John.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
John Unsworth
Sent: 07 April
I build openssl as static libraries that are then included in applications. Up
till 1.0.2 all the include files have been in one directory so building the
applications just involved using the single include folder, which I copied from
the openssl build, and the openssl static libraries. However
Hi all,
I use openssl library in a daemon, and there are a lot of crashes around ssl
session management.
A crash happens when ssl sessions are flushed via SSL_CTX_flush_sessions(),
because they could have bad session id.
Here, the life of one session:
ptr_addr: refcount: type[session_id]
On 05/04/2015 02:06, Salz, Rich wrote:
by randomly interspersing flush commands into the data stream (description
and example implementation https://github.com/wnyc/breach_buster)?
It's not perfect but for some use cases better than having no compression at
all.
Flushing the stream seems like an