To close off this thread: OpenSSL will not be making any changes.
The team voted on moving a set of algorithms to maintenance mode, and
removing the corresponding assembly implementations from libcrypto, but the
vote did not pass.
Emilia
On Fri, Nov 27, 2015 at 10:19 AM, Tim Hudson
On Tue, Nov 17, 2015 at 11:12 AM, Jeffrey Walton wrote:
> > MD2 - (The argument that someone somewhere may want to keep verifying old
> > MD2 signatures on self-signed certs doesn't seem like a compelling enough
> > reason to me. It's been disabled by default since OpenSSL
n, Nov 16, 2015 at 2:21 PM, Hubert Kario <hka...@redhat.com> wrote:
> On Friday 13 November 2015 14:40:33 Emilia Käsper wrote:
> > Hi all,
> >
> > We are considering removing from OpenSSL 1.1 known broken or outdated
> > cryptographic primitives. As you may know the
or any of the other algorithms,
please let us know!
Thanks,
Emilia
On Mon, Nov 16, 2015 at 7:25 PM, Hubert Kario <hka...@redhat.com> wrote:
> On Monday 16 November 2015 16:51:10 Emilia Käsper wrote:
> > IDEA, MD2, MDC2, RC5, RIPEMD, SEED, Whirlpool, binary curves
> >
>
Hi all,
We are considering removing from OpenSSL 1.1 known broken or outdated
cryptographic primitives. As you may know the forks have already done this
but I'd like to seek careful feedback for OpenSSL first to ensure we won't
be breaking any major applications.
These algorithms are currently
The server is sending back a servername extension where the extension_data
has length 2, and the data consists of two 0-bytes. An empty extension, as
required by the RFC, would have length 0, and empty data. That'd mean the
problem is on their end, I think.
Cheers,
Emilia
On Fri, Oct 24, 2014
Yes, I think that's a reasonable solution. The new test was added together
with the bugfix as a regression test. Disabling it would bring you back to
the earlier state without any further regression.
Cheers,
Emilia
On Thu, Oct 16, 2014 at 5:37 PM, Russell Selph rse...@tibco.com wrote:
Thanks.
Does applying the following two patches fix your build?
http://git.openssl.org/gitweb/?p=openssl.gita=commith=8202802fadf7f70c656b92f3697da39c9c4271d7
http://git.openssl.org/gitweb/?p=openssl.gita=commith=e2e5326e5b068411999f62b4ba67835d64764ca5
These are build fixes that we appear to have
'
gmake: *** [build_crypto] Error 1
I was wrong in my original note, this fails at the same spot on hpux
parisc and ia64, 11iv1 to v3
*From:* owner-openssl-us...@openssl.org [mailto:
owner-openssl-us...@openssl.org] *On Behalf Of *Emilia Käsper
*Sent:* Thursday, October 16, 2014 12:37
works
Trying this without the patches to see if it builds as well.
*From:* owner-openssl-us...@openssl.org [mailto:
owner-openssl-us...@openssl.org] *On Behalf Of *Emilia Käsper
*Sent:* Thursday, October 16, 2014 1:39 PM
*To:* openssl-users@openssl.org
*Subject:* Re: compile prob
Hi,
CVE-2014-3510 affects anonymous DH and ECDH ciphersuites only.
The additional modification for RSA key exchange is just us being pedantic:
we added an internal error for an impossible-to-reach condition. It is a
safety net to avoid regression, should something change in the surrounding
code.
11 matches
Mail list logo