Re: [openssl-users] Questions regarding the openssl FIPS self-tests

On 01/20/2016 02:00 AM, cloud force wrote: > Hi everyone, > > From the openssl tips doc it said the power-on self-tests need to be run > when the system comes up. > > If I have multiple applications which uses the openssl crypto functions > (under fips mode), does each of this application need to

Re: [openssl-users] Using TCP Fast Open with OpenSSL

Hi, I have recently been adding support for TLS using OpenSSL to a client application. When using TCP the application uses TCP Fast Open (TFO) as described in this RFC: https://tools.ietf.org/html/rfc7413 . TFO is currently available for clients on both Li

Re: [openssl-users] Using TCP Fast Open with OpenSSL

> On Jan 20, 2016, at 9:27 AM, Sara Dickinson wrote: > > I have TFO + TLS (using OpenSSL) working on OS X. However, because of the > specifics of the TFO implementation on Linux, I can’t see how to get that > working with OpenSSL. On Linux using TFO requires that > - the connect() call is skip

Re: [openssl-users] Using TCP Fast Open with OpenSSL

-Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Wednesday, January 20, 2016 8:55 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Using TCP Fast Open with OpenSSL > On Jan 20, 2016, at 9:27 AM, Sara Dickins

Re: [openssl-users] [openssl-dev] Openssl 1.1 and Bind 9.6 ESV R11

On Tue, Jan 19, 2016 at 08:53:49PM -0600, Benjamin Kaduk wrote: > On 01/19/2016 05:37 PM, The Doctor wrote: > > Tried to compile an old bind and ran into > > Why? > > > What needs to be adjusted? > > > > > > The bind code is what needs to be adjusted, given that openssl 1.1 is > intentionally in

Re: [openssl-users] Using TCP Fast Open with OpenSSL

On Wed, Jan 20, 2016 at 06:01:00PM +, Nounou Dadoun wrote: > But if the TFO data payload is in the first SYN how can it be encrypted > (etc) even before the TCP handshake is complete (let alone the SSL > handshake) unless the calls are unbundled and serialized somehow. The TCP first-flight da

Re: [openssl-users] [openssl-dev] Openssl 1.1 and Bind 9.6 ESV R11

> That's my issue. I cannot get a more recent bind version to stay to stable on > one box. Then I think that's going to be a tough issue, and you'll either have to modify that source or stay at 1.0.2 ___ openssl-users mailing list To unsubscribe: http

Re: [openssl-users] [openssl-dev] Openssl 1.1 and Bind 9.6 ESV R11

On Wed, Jan 20, 2016 at 11:05:58AM -0700, The Doctor wrote: > > The bind code is what needs to be adjusted, given that openssl 1.1 is > > intentionally introducing API changes and removing direct access to many > > structures. It seems quite unlikely that an EoL version of a > > third-party softw

[openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER

What is the most appropriate way to programmatically get the following information about an SSL_CIPHER? Currently, we need to read: * Which cipher algorithm is being used * Which key exchange algorithm is being used * Which MAC hash algorithm is being used The way we'

Re: [openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER

The most portable, and longest-lasting, way is probably to get the name and then use that as a key to look up things in your own table of characteristics. A PR that adds API's (and doc) for extracting various things, and returning them as nid's or oid's or something, would be helpful. __

Re: [openssl-users] Using TCP Fast Open with OpenSSL

> On 20 Jan 2016, at 16:55, Viktor Dukhovni wrote: >> On Jan 20, 2016, at 9:27 AM, Sara Dickinson wrote: >> >> I have TFO + TLS (using OpenSSL) working on OS X. However, because of the >> specifics of the TFO implementation on Linux, I can’t see how to get that >> working with OpenSSL. On Li

Re: [openssl-users] Using TCP Fast Open with OpenSSL

The TCP first-flight data will be the TLS ClientHello message. This saves one round-trip on repeat visits: C: SYN + TFO-COOKIE + TLS ClientHello S: SYN-ACK S: ACK + TLS Server Hello ... ... -- Viktor. That makes sense, thanks ... N Nou Dadoun Senior Firmware

Re: [openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER

On Wed, Jan 20, 2016, Eric Erhardt wrote: > What is the most appropriate way to programmatically get the following > information about an SSL_CIPHER? > > Currently, we need to read: > > > * Which cipher algorithm is being used > > * Which key exchange algorithm is being used >

Re: [openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER

> On Jan 20, 2016, at 1:13 PM, Eric Erhardt wrote: > > What is the most appropriate way to programmatically get the following > information about an SSL_CIPHER? > > Currently, we need to read: > > · Which cipher algorithm is being used > · Which key exchange algorithm is being

Re: [openssl-users] [openssl-dev] Openssl 1.1 and Bind 9.6 ESV R11

On Wed, Jan 20, 2016 at 06:11:16PM +, Salz, Rich wrote: > > That's my issue. I cannot get a more recent bind version to stay to stable > > on > > one box. > > Then I think that's going to be a tough issue, and you'll either have to > modify that source or stay at 1.0.2 > Source modificatio

[openssl-users] OpenSSL FIPS Object Module v2.0

Hi Steve, Is there any update on the submissions for the OpenSSL FIPS Object Module v2.0, validation(s) #1747/#2398/#2474 Regards, Imran ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL FIPS Object Module v2.0

On 01/20/2016 05:07 PM, Imran Ali wrote: > Hi Steve, > > > > Is there any update on the submissions for the OpenSSL FIPS Object > Module v2.0, validation(s) #1747/#2398/#2474 > Still waiting on the CMVP. The paperwork for all three validations was submitted on December 20. I'm not even going