On Mon, Mar 02, 2020 at 01:48:20PM +0530, shiva kumar wrote:
> when I tried to verify the the self signed certificate in OpenSSL 1.0.2 it
> is giving error 18 and gives OK as o/p, when I tried the same with OpenSSL
> 1.1.1 there is slight change in the behavior it also gives the same error,
> but
On 2020-03-03 07:46, Phani 2004 wrote:
Hi Team,
I am trying to implement mac-then-encrypt for aes_cbc_hmac_sha1
combined cipher. From the code i could understand that the first 16
bytes were being used as explicit IV while decrypting and the hmac is
done for 13 bye AAD and 16 byte Fin record
Hi Team,
I am trying to implement mac-then-encrypt for aes_cbc_hmac_sha1 combined
cipher. From the code i could understand that the first 16 bytes were being
used as explicit IV while decrypting and the hmac is done for 13 bye AAD
and 16 byte Fin record in finish message.
Which RFC/section
You can read details about current OpenSSL versioning at
https://wiki.openssl.org/index.php/Versioning
Going forward with the upcoming 3.0.0 release, the versioning scheme will
change to a more contemporary format.
You can read about it at https://www.openssl.org/policies/releasestrat.html
Best
Hi,
can you please tell me more about
1) How to verify a self signed (.crt) key in OpenSSL 1.1.1?
2) Is key generated by OpenSSL 1.0.2 can be used to connect with OpenSSL
1.1.1 and vice versa?
Thanks and regards
Shivakumar
On Mon, Mar 2, 2020 at 2:36 PM Dmitry Belyavsky wrote:
> First, I
Hi,
I am curious to know regarding *k* in 1.0.2k-fips, *d* in 1.1.1d, *l* in
1.1.0l and *u* in 1.0.2u. What does this alphabet mean?
Best Regards,
Kaushal
Hi,
We are using the Nginx Web server on CentOS Linux release 7.7.1908 (Core).
*OpenSSL Version*
#openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
#
*Nginx Version*
#rpm -qa | grep nginx
nginx-1.16.1-1.el7.x86_64
#
Can someone please suggest me to use strong cipher suites for SSL/TLS
Hi,
I'd like to understand, how does OpenSSL get to the idea of "0304"
version, if there is no such a
byte sequence in the packet...
My question is: how OpenSSL determines the TLS version? How to debug it?
I don't see any TLS 1.3 in the capture as well, but I see that your client
is using
On 02/03/2020 11:28, iilinasi wrote:
> I'd like to understand, how does OpenSSL get to the idea of "0304"
> version, if there is no such a byte sequence in the packet...
> My question is: how OpenSSL determines the TLS version? How to debug it?
>
Very strange. I have no idea. Looking at the
Dear everyone,
I'm looking for your pointers to help me to debug the issue I
have.
I try to implement an auth exchange with the RADIUS, requesting EAP-TLS.
At this moment I only need to get to the phase when server responds with
Access-Challenge with server certificate (so, 2 packets from
Dear all,
I stumbled across this mails when looking for information regarding OpenSSL
on zOS. Currently, I am working on getting OpenSSL 1.1.1c running on zOS. So
far I created my own config "target" inside 10-main.conf based on the old
configuration that was used pre OpenSSL 1.1.0.
Still, I was
On 28/02/2020 09:11, Phani 2004 wrote:
> OK. I understood that "AES-128-CBC-HMAC-SHA1"(aesni_cbc_hmac_sha1)
> always does mte.
> I am trying to implement engine implementation of combined mode cipher
> aes_cbc_hmac_sha1.
> So in my aes_cbc_hmac_sha1_cipher implementation should i do mte only?
First, I recommend you not to hurry up :)
Second, the validation procedures have changed between 1.0.2 and 1.1.1,
1.1.1 checks more strictly.
E.g., a self-signed certificate without "CA:TRUE" will be treated as valid
CA cert in 1.0.2 but not valid in 1.1.1
On Mon, Mar 2, 2020 at 12:01 PM shiva
Hi,
Please help me, is this an expected behavior?
On Mon, Mar 2, 2020 at 1:48 PM shiva kumar wrote:
> when I tried to verify the the self signed certificate in OpenSSL 1.0.2 it
> is giving error 18 and gives OK as o/p, when I tried the same with OpenSSL
> 1.1.1 there is slight change in the
when I tried to verify the the self signed certificate in OpenSSL 1.0.2 it
is giving error 18 and gives OK as o/p, when I tried the same with OpenSSL
1.1.1 there is slight change in the behavior it also gives the same error,
but instead of OK it gives different error as "*ca.crt: verification
15 matches
Mail list logo