Re: [openssl-users] X25519 not listed in ecparam -list_curves

2016-11-14 Thread Dr. Stephen Henson
On Mon, Nov 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > As "-list-curves" is not supposed to work here, what would be a good way to > tell if a given installation supports X25519? > Well only OpenSSL 1.1.0 currently supports X25519. One way is to look at the output of: openssl li

Re: [openssl-users] C++ : Extracting CRL from a PKCS12

2016-11-14 Thread Richard Stanek
Thanks for looking at this. I was insisting that nobody (in practice) puts CRLs inside of a PKCS12. Nobody does that... I could find no evidence that this is ever done, nor was there any support for this deviant behavior. ;-) I was handed a specification to implement that had CRLs inside of PK

Re: [openssl-users] X25519 not listed in ecparam -list_curves

2016-11-14 Thread Blumenthal, Uri - 0553 - MITLL
As "-list-curves" is not supposed to work here, what would be a good way to tell if a given installation supports X25519? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Dr. Stephen Henson Sent: Monday, November 14, 2016 15:02 To: openssl-u

Re: [openssl-users] C++ : Extracting CRL from a PKCS12

2016-11-14 Thread Dr. Stephen Henson
On Wed, Nov 02, 2016, Richard Stanek wrote: > My original requirements were to extract the user certificate, the > private key, and the CAs. For that I was using the call to > PKCS12_parse(...). This satisfied the original requirements. Very > easy to find, understand, and use. > > The new req

Re: [openssl-users] X25519 not listed in ecparam -list_curves

2016-11-14 Thread Dr. Stephen Henson
On Fri, Nov 04, 2016, Viktor Jägersküpper wrote: > Hi, > > OpenSSL 1.1.0 implemented X25519. "openssl s_client -cipher kEECDH > -curves X25519 -connect google.com:443" works as expected, and I get > "Server Temp Key: X25519, 253 bits". But X25519 is not listed in the > output of "openssl ecparam

Re: [openssl-users] Facing issues with dynamic loading engine RSA methods using e_capi.so library in openssl-1.1.0b.

2016-11-14 Thread Richard Levitte
What do you get from this command? ldd ../engines/capi.so? I think that the configuration example I gave you in my previous email will also help this... Cheers, Richard In message on Fri, 11 Nov 2016 14:46:45 +, "Gupta, Saurabh" said: Saurabh.Gupta> I tried to dynamically load e_c

Re: [openssl-users] Failed to load libssl.so.1.1 while executing openssl command

2016-11-14 Thread Richard Levitte
In message on Fri, 11 Nov 2016 14:46:23 +, "Gupta, Saurabh" said: Saurabh.Gupta> I tried to execute ./openssl s_server command in the latest Openssl Saurabh.Gupta> Version 1.1.0c after doing Openssl compilation steps: Saurabh.Gupta> ./config Saurabh.Gupta> make Saurabh.Gupta> make test S

Re: [openssl-users] Increasing the server write buffer for handshakes in 1.1.0

2016-11-14 Thread Matt Caswell
On 14/11/16 13:37, Brandon Black wrote: > On Mon, Nov 14, 2016 at 10:04 AM, Matt Caswell wrote: >> During the handshake phase OpenSSL adds a buffering BIO in front of the >> wbio. However when you call SSL_get_wbio(), you get back the *real* wbio >> (without the bbio on the front). This is a cha

Re: [openssl-users] Increasing the server write buffer for handshakes in 1.1.0

2016-11-14 Thread Brandon Black
On Mon, Nov 14, 2016 at 10:04 AM, Matt Caswell wrote: > During the handshake phase OpenSSL adds a buffering BIO in front of the > wbio. However when you call SSL_get_wbio(), you get back the *real* wbio > (without the bbio on the front). This is a change of behaviour between > 1.1.0 and 1.0.2, and

Re: [openssl-users] Increasing the server write buffer for handshakes in 1.1.0

2016-11-14 Thread Matt Caswell
On 12/11/16 16:29, Brandon Black wrote: > Hi all, > > I'm running into an issue where if the server handshake response > exceeds some value a little over 4K (which is pretty easy these days > with a typical public cert, intermediate, and stapled OCSP response), > we're suffering an extra RTT i