On Wed, Apr 22, 2020 at 11:46:16AM +0800, yang berlin wrote:
> Wow, thanks for the detailed reply!
> Actually I am a master student and my teacher wants me to figure out the
> use of ed25519. So I went to see openssl.
> I thought ed25519 can sign messages so I tried the dgst command. Now I know
>
Wow, thanks for the detailed reply!
Actually I am a master student and my teacher wants me to figure out the
use of ed25519. So I went to see openssl.
I thought ed25519 can sign messages so I tried the dgst command. Now I know
that I was wrong.
Anyway, thank you again!
Viktor Dukhovni
A few corrections:
OpenSSL included CMS (RFC3369) support since 1.0.0 (see the CHANGES
file), though for a long time, there was an arbitrary disconnect between
functions named CMS and functions named PKCS#7 even though it should
have been a continuum.
The PKCS#7 and CMS standards equally
Michael Mueller wrote:
> We've implemented what I gather can be called a CMS on Linux and Windows
> using openssl evp functions.
I'm not sure why you say it this way.
OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
Did you implement RFC3369, or something else?
You
* Sorry for being unclear, the goal would be to just not send the SCSV
value in the ClientHello.
Why?
That makes sense, thank you all.
Thanks for you reply Ben!
Sorry for being unclear, the goal would be to just not send the SCSV value
in the ClientHello.
-Mark
Am Di., 21. Apr. 2020 um 22:06 Uhr schrieb Benjamin Kaduk :
> On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> > Hello,
> >
> > I was wondering what
On 2020-04-21 18:45, Michael Tuexen wrote:
On 21. Apr 2020, at 23:49, Matt Caswell wrote:
On 21/04/2020 18:34, Claus Assmann wrote:
Thanks for the reply, below is the output, It seems it only fails
because the host doesn't support IPv6?
Yes - it does seem to be an IPv6 problem. I don't
> On 21. Apr 2020, at 23:49, Matt Caswell wrote:
>
>
>
> On 21/04/2020 18:34, Claus Assmann wrote:
>> Thanks for the reply, below is the output, It seems it only fails
>> because the host doesn't support IPv6?
>
> Yes - it does seem to be an IPv6 problem. I don't recall any recent
> changes
On Tue, Apr 21, 2020 at 10:49:25PM +0100, Matt Caswell wrote:
>
> Looks like the failing call is here:
>
> if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
>(const void *), sizeof(on)) != 0) {
>
> To which we get an errno indicating "Invalid argument". So it looks
On 21/04/2020 18:34, Claus Assmann wrote:
> Thanks for the reply, below is the output, It seems it only fails
> because the host doesn't support IPv6?
Yes - it does seem to be an IPv6 problem. I don't recall any recent
changes in this area. Were you successfully able to run the tests with
onger receiving public updates. Extended support is available
> for premium support customers: https://www.openssl.org/support/contracts.html
>
> This issue did not affect OpenSSL 1.1.0 however these versions are out of
> support and no longer receiving updates.
>
> Users of
On Tue, Apr 21, 2020 at 04:06:04PM +0100, Junaid Mukhtar wrote:
> I have managed to block the RC4 and enable tlsv1 as per our requirements.
>
> We have a requirement to match cipher list on the internal server to match
> the native browser cipher list as shown by the
>
On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> Hello,
>
> I was wondering what I'd have to change in the openssl code/config before
> compiling to have renegation disabled by default, so it won't send the
> Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using
Hello,
I was wondering what I'd have to change in the openssl code/config before
compiling to have renegation disabled by default, so it won't send the
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.
Thanks!
Summary: The OpenSSL 1.1.1g test suite contains at least two bugs:
TestBug#1: Test suite fails if local network has no IPv6, error message
(non-
verbose) doesn't say that's the issue. [ Testing IPv6 makes sense,
rejecting
regression tests on inadequate machines is important to avoid
On Tue, Apr 21, 2020 at 12:46:43PM -0700, Sam Roberts wrote:
> The announcement claims that this affects SSL_check_chain().
>
> Is that an exhaustive list? If an application does NOT call that
> function, does this mean the vulnerability is not exploitable?
That is correct (speaking only in
l
>
> This issue did not affect OpenSSL 1.1.0 however these versions are out of
> support and no longer receiving updates.
>
> Users of these versions should upgrade to OpenSSL 1.1.1.
>
> References
> ==
>
> URL for this Security Advisory:
> https://www.openssl.o
That link shows whatever anyone's browser is configured to handle when
clicking
the link.
The important thing is which browsers you need to support, like the ones on
https://www.ssllabs.com/ssltest/clients.html
Beware that the list I just linked is woefully incomplete for those of
us who
On Tue, 21 Apr 2020 19:55:41 +0200,
Quanah Gibson-Mount wrote:
> --On Tuesday, April 21, 2020 11:25 AM -0700 Norm Green
> wrote:
>
> > >I use the git release tags, not the tarballs.
> >
> > I do too, and I suspect many others do as well.
> > The empty krb5 directory has not caused grief for
--On Tuesday, April 21, 2020 11:25 AM -0700 Norm Green
wrote:
>I use the git release tags, not the tarballs.
I do too, and I suspect many others do as well.
The empty krb5 directory has not caused grief for me, but it would be
nice if the git release tag directory structure matched the
On Tue, Apr 21, 2020 at 05:48:19PM +0800, yang berlin wrote:
> I want to use ed25519 in openssl.
Why? What actual real-world purpose do you have for ed25519?
> The problem I met is: I can use "speed ed25519" to test the speed of
> ed25519, but when I use "dgst -ed25519", it tells me that
On Tue, Apr 21, 2020, Benjamin Kaduk via openssl-users wrote:
> On Tue, Apr 21, 2020 at 07:22:38PM +0200, Claus Assmann wrote:
> > ../test/recipes/80-test_ssl_old.t ..
> > Dubious, test returned 1 (wstat 256, 0x100)
> Please run again with `make V=1 TESTS=test_ssl_old test` and
On Tue, Apr 21, 2020 at 07:22:38PM +0200, Claus Assmann wrote:
> Note sure whether this is already known (a search didn't bring up
> anything meaningful):
>
> ../test/recipes/80-test_ssl_old.t ..
> Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/6 subtests
> Test Summary
>I use the git release tags, not the tarballs.
I do too, and I suspect many others do as well.
The empty krb5 directory has not caused grief for me, but it would be
nice if the git release tag directory structure matched the tarball.
Norm Green
On 4/21/2020 10:19 AM, Quanah Gibson-Mount
On Tue, Apr 21, 2020 at 10:19:28AM -0700, Quanah Gibson-Mount wrote:
> --On Tuesday, April 21, 2020 11:16 AM -0700 Benjamin Kaduk
> wrote:
>
> > The 'krb5' entry in git is a submodule, used for the external tests.
> > It's removed while preparing release tarballs, but I'm not sure what
> > you
Note sure whether this is already known (a search didn't bring up
anything meaningful):
../test/recipes/80-test_ssl_old.t ..
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/6 subtests
Test Summary Report
---
../test/recipes/80-test_ssl_old.t
--On Tuesday, April 21, 2020 11:16 AM -0700 Benjamin Kaduk
wrote:
The 'krb5' entry in git is a submodule, used for the external tests.
It's removed while preparing release tarballs, but I'm not sure what
you are doing that's causing conflicts -- are you doing something that
involves both
On Tue, Apr 21, 2020 at 10:08:39AM -0700, Quanah Gibson-Mount wrote:
> The OpenSSL release tags contain an empty directory "krb5" that does not
> exist in the release tarball. This is annoying because when I go to merge
> release tags, I constantly get the following:
>
> CONFLICT
The OpenSSL release tags contain an empty directory "krb5" that does not
exist in the release tarball. This is annoying because when I go to merge
release tags, I constantly get the following:
CONFLICT (modify/delete): krb5 deleted in HEAD and modified in
OpenSSL_1_1_1e. Version
IGNORE
cockpit error
I failed to compile openssl on the lowest revision release that we
support. The error occurred when I tried to build our app on the low
rev system with openssl 1.1.1g that was built on a higher revision
linux system.
TIL secure_getenv()
On Tue, Apr 21, 2020 at 11:18 AM
anybody else compiling apps against openssl 1.1.1g in Linux and
getting link errors for secure_getenv?
../../../../OPENSSL/bin/SUSE-Linux/libcrypto.a(getenv.o): In function
`ossl_safe_getenv': getenv.c:(.text+0x1): undefined reference to
`secure_getenv
secure_getenv() is a GNU extension
Mike
Hi Tomas/Team
I have managed to block the RC4 and enable tlsv1 as per our requirements.
We have a requirement to match cipher list on the internal server to match
the native browser cipher list as shown by the
https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
I have tried setting up
ld upgrade to OpenSSL 1.1.1.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20200421.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1g released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1g of our open
Greetings esteemed openssl users,
We've implemented what I gather can be called a CMS on Linux and Windows
using openssl evp functions.
We need to expand this CMS to other systems, on which we have not been able
to build openssl. These other systems have a vendor supplied security
application.
Hi,
Just to say that you can get the -Fpic flag by using the 'shared' argument
to the Configure script. The following works for me:
./Configure solaris64-sparcv9-cc --prefix=/opt/openssl/1.1.1
--openssldir=/opt/openssl/1.1.1 -lrt -m64 shared zlib
Regards,
Tim
-Original Message-
Hello, I am a beginner on openssl, and I want to use the ed25519 in openssl.
The problem I met is: I can use "speed ed25519" to test the speed of
ed25519, but when I use "dgst -ed25519", it tells me that "dgst:
Unrecognized flag Ed25519". So could you please help me to learn how to use
ed25519
38 matches
Mail list logo