Re: [openssl-users] Working with large DH parameters

2015-05-16 Thread Benny Baumann
Hi, On 04.05.2015 at 19:13, Kurt Roeckx wrote: On Mon, May 04, 2015 at 09:00:21AM -0500, jack seth wrote: There is a limit of 1: #define OPENSSL_DH_MAX_MODULUS_BITS 1 I suggested replacing this compile time constant by a SSL_CTX option,

[openssl-users] Fwd: Problem with encoding a CRL's signing algorithm

2015-02-14 Thread Benny Baumann
Hi, I think there is somewhat strange behaviour in OpenSSL that causes interesting bugs to happen when trying to encode CRLs based on deltas. More information about the issue (causing a segfault under certain conditions) is in the attached mail by Felix who discovered it. Regards, BenBE.

Re: [openssl-users] [openssl-dev] OpenSSL source reformat

2015-01-06 Thread Benny Baumann
Hi Matt, first of all: THANK YOU! This has been overdue for ages! Just a small tweak that would be nice I'd like to see would be to always have block markers for loops and conditions. The lack of those was one of the many pitfalls with the old

Re: Why does OpenSSL own all the prefixes in the world?

2014-09-09 Thread Benny Baumann
What about introducing an openssl_deprecated.h whose sole purpose is to throw in a bunch of defines that map ERR_old_style_name OPENSSL_ERR_new_style_name. To make an old-style codebase compatible the only thing to add would be either including openssl_deprecated.h or set a macro on the command

Re: On 2K keys and SHA-256

2014-09-09 Thread Benny Baumann
Hi Rich, On 08.09.2014 23:59, Salz, Rich wrote: We are considering changing the default keysize (RSA, DSA, DH) from 1K to 2K, and changing the default signing digest from SHA-1 to SHA-256. May I suggest 4096 bit with SHA-256. That way you have a security level of = 128 bit for both

Re: Value of DEFAULT cipher suite

2014-09-09 Thread Benny Baumann
Hi Rich, On 09.09.2014 00:42, Salz, Rich wrote: We are considering removing weak cryptography from the value of DEFAULT. That is, append :!LOW:!EXPORT It is currently defined as this in include/openssl/ssl.h: #define

Re: On 2K keys and SHA-256

2014-09-09 Thread Benny Baumann
Hi Rich, On 09.09.2014 14:18, Salz, Rich wrote: May I suggest 4096 bit with SHA-256. I think the next step after 2K-RSA is ECC, and that 4K RSA isn't going to see much deployment because of the computational cost. At least, that's how we see things at my employer. And Chrome+Firefox

Re: Signing .JAR files using OpenSSL for Windows

2014-09-02 Thread Benny Baumann
Hi, On 01.09.2014 16:17, AUser ZUser wrote: Hello Can someone please help me with the following question. I have a code signing certificate in my X509 store LocalMachine\My which I can use for signing PowerShell scripts for example

Re: Duration of rsa key generation process

2014-07-03 Thread Benny Baumann
Hi, On 03.07.2014 09:46, phildoch wrote: I tested the generation of a certificate with a keypair RSA 4096 bit on two different platforms. The openssl command I used is: /openssl req -newkey rsa:4096 -keyout clientKey.pem -out clientReq.pem/