Re: CVE-1999-0428

2020-03-03 Thread Quanah Gibson-Mount
--On Tuesday, March 3, 2020 5:16 PM -0500 Chris Rhoads wrote: But I've been unable to determine with certainty how the last vulnerability on this list (CVE-1999-0428) was fixed.  In my research, I've found a potential OpenSSL update in release 0.9.2b that may have addressed the vulnerabili

Re: [RFC] TLS salt length auto detection, switch from DIGEST to AUTO

2020-03-03 Thread William Roberts
On Thu, Feb 27, 2020 at 1:01 PM Andersen, John S wrote: > > Hi All, > > The TPM 2.0 PKCS11 project has been attempting to get the TPM working with > EAP-TLS WiFi. > > We've run into an issue where the TPM spec specifies that for RSA PSS signing > keys, the random salt length will be the largest si

CVE-1999-0428

2020-03-03 Thread Chris Rhoads
Hi openssl-users, I am researching the known vulnerabilities of open source software that we are considering. According to the NIST NVD web site, the 1.1.1d version of OpenSSL has a few known vulnerabilities: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&searc

Re: Problems porting Openssl 1.1.1d to zos.

2020-03-03 Thread Michael Mueller
We recently abandoned our effort to port 1.1.1d to zos. Attempting to use GSK now. Lack of a zos dev community is a hurdle. M On Mon, Mar 2, 2020, 6:04 AM K Lengauer wrote: > Dear all, > > I stumbled across these mails when looking for information regarding OpenSSL > on zOS. Currently, I am work

RE: Config question

2020-03-03 Thread Michael Wojcik
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Richard Simard Sent: Tuesday, March 03, 2020 07:57 > When I am creating my root certificates I would like to add the version of the > certification authority. I searched but I couldn't find anything. Is there > anyone among y

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread Alfred Arnold
Hi, Alfred, I'd like to say "thanks" once more. I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16) indeed sends me the second "challenge". So, it's a huge progress. Indeed, the capture now looks like an EAP-TLS negotiation should go on. The server accepted the client

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread Matt Caswell
On 02/03/2020 11:28, iilinasi wrote: > Freeradius (3.0.16, 3.0.20) Could be this issue: https://github.com/FreeRADIUS/freeradius-server/issues/2385 "It may be due to the issue fixed in commit fd803c9. 3.0.17 sometimes complained that TLS 1.3 was unknown, and refused to do TLS 1.3 at all. That

Config question

2020-03-03 Thread Richard Simard
Good Morning all. When I am creating my root certificates I would like to add the version of the certification authority. I searched but I couldn't find anything. Is there anyone among you who could tell me how to add this information in the configuration of OpenSSL? Thank you [https://www.groupesti.

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread Matt Caswell
On 03/03/2020 12:51, iilinasi wrote: > Alfred, I'd like to say "thanks" once more. > > I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16) > indeed sends me the second "challenge". So, it's a huge progress. > > However it still complains on the unknown TLS version. I attac

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread iilinasi
Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} # Skip

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread iilinasi
Thank you Alfred! Yup, I used old ciphers indeed. I suspect it stops even before checking them, but I'll add newer ones and let you know. This is the relevant part of freeradius log, just in case: -- (1) eap_tls: TLS_accept: before SSL initialization (1) eap_tls: TLS_accept: before SSL initia

Re: Ues 'openssl s_server command' to disable TLS1.0

2020-03-03 Thread Matt Caswell
On 03/03/2020 07:48, guoxiaobi...@163.com wrote: > Dear All, > >   > > I hit the following error when used ‘openssl s_server -no_tls1’ command > to disable TLS1.0 on Redhat Linux server. Your question is slightly ambiguous. It implies you expect the command to disable TLSv1.0 for all applicat

Re: certificate verification error OpenSSL 1.1.1

2020-03-03 Thread Jakob Bohm via openssl-users
On 2020-03-03 08:19, Viktor Dukhovni wrote: On Mon, Mar 02, 2020 at 01:48:20PM +0530, shiva kumar wrote: when I tried to verify the self signed certificate in OpenSSL 1.0.2 it is giving error 18 and gives OK as o/p, when I tried the same with OpenSSL 1.1.1 there is slight change in the beha

Re: Stream Encription

2020-03-03 Thread Viktor Dukhovni
On Tue, Mar 03, 2020 at 10:25:16AM +0300, Илья Юркевич (Ilya Yurkevich) via openssl-users wrote: > No, I want to get CMS Enveloped data in the end of the procedure.  The OpenSSL cms(1) command supports streaming when encoding (but not when decoding). If you wade through the source of apps/cms.c

Re: Stream Encription

2020-03-03 Thread Ilya Yurkevich
No, I want to get CMS Enveloped data in the end of the procedure.    Firstly, I initialize the encryption operation by adding recipient certificates, algorithms, etc., then send the data in chunks for encryption and receive them in an encrypted format for further writing to the file. At the end

Ues 'openssl s_server command' to disable TLS1.0

2020-03-03 Thread guoxiaobinni
Dear All, I hit the following error when used 'openssl s_server -no_tls1' command to disable TLS1.0 on Redhat Linux server. It shows the openssl version as well.