Hi,
I have a question that is maybe similar to this one asked about a year ago:
https://mta.openssl.org/pipermail/openssl-users/2017-December/007050.html. I
want to experiment with trying to hide the keys and certificates used during
TLS session creation inside trusted hardware. I am not sure w
Thanks for all of your answers.
I tried Matt's quick hack, and I confirm it's quick and efficient. I
compiled and ran an Apache server, locally (but I'll make more tests) I see
what I wanted to see, with the server handshake records being sent one by
one.
Here is the capture info:
No. Time
> On Nov 15, 2018, at 5:53 AM, Eugène Adell wrote:
>
> I am looking for a way to configure OpenSSL then it will send handshake
> records one by one in their respective TCP packet, instead of sending one
> big message containing several records. Typically, in my network captures
> I see the server
> On Nov 15, 2018, at 9:30 AM, Short, Todd via openssl-users
> wrote:
>
> I have seen this done for hardware acceleration; where the crypto chip can do
> everything except the handshake.
> (In fact, this mechanism protected at least one device that I know of from
> the Heartbleed debacle, sinc
I have seen this done for hardware acceleration; where the crypto chip can do
everything except the handshake.
(In fact, this mechanism protected at least one device that I know of from the
Heartbleed debacle, since the hardware crypto did not understand the record
type.)
Look at how the kernel
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Matt Caswell
> Sent: Thursday, November 15, 2018 06:12
>
> On 15/11/2018 10:53, Eugène Adell wrote:
> > I am looking for a way to configure OpenSSL then it will send handshake
> > records
> > one by one in their respec
You can do this by writing your own BIO (probably based on memory) that then
dribbles data out to its own internal socket.
On 15/11/2018 11:17, Eugène Adell wrote:
> This is mainly for experimental reasons (client compliance checking,
> performance measurement). As the SSL/TLS protocol allows it, why not test?
> If no other solution than modifying the source code, where should I look?
That involves messing wi
This is mainly for experimental reasons (client compliance checking,
performance measurement). As the SSL/TLS protocol allows it, why not test?
If no other solution than modifying the source code, where should I look?
On Thu, Nov 15, 2018 at 12:12, Matt Caswell wrote:
>
>
> On 15/11/2018 1
On 15/11/2018 10:53, Eugène Adell wrote:
> Hello,
>
> I am looking for a way to configure OpenSSL then it will send handshake
> records
> one by one in their respective TCP packet, instead of sending one big message
> containing several records. Typically, in my network captures I see the serve
Hello,
I am looking for a way to configure OpenSSL then it will send handshake
records one by one in their respective TCP packet, instead of sending one
big message containing several records. Typically, in my network captures I
see the server sending one message containing Server Hello + Certific