If i setup a DTLS server, the client can connect once and send
messages find. but if the client restarts and tries to send data, the
server hangs on SSL_read.
I'm assuming the server does not like a clienthello message when it is
expecting application data.
How can the server be made to recover
On 11/11/2019 20:51, Phil Neumiller wrote:
> Extension: ec_point_formats (len=4)
> Type: ec_point_formats (11)
> Length: 4
> EC point formats Length: 3
> Elliptic curves point formats (3)
> EC point format: uncompressed (0)
> EC point
On 11/11/2019 21:09, Phil Neumiller wrote:
> The hardware wants to see a client hello like the following:
By this do you imply that if you give it additional extensions it fails?
That is a highly non-compliant implementation!!
Matt
On 11/11/2019 22:12, Michael Wojcik wrote:
> -Original Message-
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
>> Phil Neumiller
>> Sent: Monday, November 11, 2019 15:57
>>
>> Code: SSL_CTX_set_options(ctx, !SSL_OP_ALL);
>
> That's just a verbose way of
-Original Message-
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Phil Neumiller
> Sent: Monday, November 11, 2019 15:57
>
> Code: SSL_CTX_set_options(ctx, !SSL_OP_ALL);
That's just a verbose way of saying SSL_CTX_set_options(ctx, 0).
Perhaps you meant
The hardware wants to see a client hello like the following:
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 253
Version: TLS 1.2 (0x0303)
Random: 00010002000400090012…
GMT Unix Time: Dec 31, 1969 17:00:00.0 MST
Code: SSL_CTX_set_options(ctx, !SSL_OP_ALL);
-
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
By doing the following in my code:
I was able to get the Client Hello Extensions down to.
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 365
Version: TLS 1.2 (0x0303)
Random: 19ff8a9231e83985887f5e45f2c9b243f0ccaa955beb1f03…
Session ID Length: 32
On 11/11/2019 19:43, Benjamin Kaduk via openssl-users wrote:
> On Mon, Nov 11, 2019 at 12:32:22PM -0700, Phil Neumiller wrote:
>> I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
>> I need the client hello header to only support certain extensions, yet I
Any
On Mon, Nov 11, 2019 at 12:32:22PM -0700, Phil Neumiller wrote:
> I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
> I need the client hello header to only support certain extensions, yet I
> see no way in the SSL API to remove the default extensions in the TLS 1.3
>
I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
I need the client hello header to only support certain extensions, yet I
see no way in the SSL API to remove the default extensions in the TLS 1.3
client hello. Can I clear them all and just add the ones I want? What
Hiya,
On 11/11/2019 16:50, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
>> Behalf Of Stephen Farrell Sent: Monday, November 11, 2019 09:53
>>
>> I'm seeing some errors from valgrind when running s_client from a
>> clean build from the tip. (Details
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Stephen Farrell
> Sent: Monday, November 11, 2019 09:53
>
> I'm seeing some errors from valgrind when running s_client
> from a clean build from the tip. (Details of that below.)
Have you reviewed past discussions
On 11.11.19 16:42, Wendell Nichols via openssl-users wrote:
Is there anyone on this group with experience with ebcdic platforms,
specifically zOS? I have built 1.1.1d on zOS and connections to my server work
for firefox 60 but not newer versions. I don't know exactly where the cut off
is
Is there anyone on this group with experience with ebcdic platforms,
specifically zOS? I have built 1.1.1d on zOS and connections to my
server work for firefox 60 but not newer versions. I don't know exactly
where the cut off is or what they changed but current versions get an
HMAC error. I
Hiya,
I'm seeing some errors from valgrind when running s_client
from a clean build from the tip. (Details of that below.)
In another build, (for ESNI), when I do a GCM encrypt and
then read the tag, it looks like the error is coming from
some sha256 assembler code:
==27027== Uninitialised
Hi,
I am trying to pass explicit IV during TLS 1.2 encryption. I copied
explicit IV to "ivec" before below function call. But IV on the
encrypted output is totally different. Can any one help ?
void aesni_cbc_encrypt(const unsigned char *in,
unsigned char *out,
The question about -rand option is valid, but Viktor’s post is right and the
rest of my post is wrong :(
From: openssl-users
Reply-To: Rich Salz
Date: Monday, November 11, 2019 at 8:10 AM
To: shiva kumar , openssl-users
Subject: Re: dsaparam error OpenSSL 1.1.1d
* openssl dsaparam 128
* openssl dsaparam 128 -rand file
Why are you using the -rand option? Unless this is a special platform, don’t
do that.
* is taking long time processing the command and not producing any output.
What is your hardware and software?
Can you run it under a debugger, and interrupt it
19 matches
Mail list logo
