Re: TLS renegotiation failure (on receiving application data during handshake)

Shashank, I don't think there is a workaround for this. I've faced this very recently and the only solution is to modify your application protocol in a way that allows renegotiation to happen when things are quiet. I've rambled about it before in OpenSSL forums : http://marc.info/?l=openssl-users

SSL3_GET_FINISHED:digest check failed on Solaris OpenSSL 1.0.0f

Occasionally (1% of the time), my SSL client throws a "digest check failed" when connecting to the server. The server gets the alert "decrypt error". The scenario is this: 1. The client and server establish a successful handshake and dump the remote side's SSL information (including the session ID

FIPS_mode_set wrapper not available on pre-1.0.1 versions

I have an application built across various Unix flavors that uses OpenSSL for SSL/TLS communication. I wanted to enable FIPS mode for my application. But, it seems like not all OpenSSL version provides the FIPS_mode_set wrapper function. Basically, I want to be able to seamlessly call FIPS_mode_se

Re: Interleaving SSL_write() and SSL_read()

If SSL_read returns SSL_ERROR_WANT_READ, it is perfectly reasonable to go ahead and call SSL_write or the other way around. Otherwise, it would be impossible to do full-duplex SSL communication with OpenSSL. I recently ran into a host of similar questions (and issues) and I got most of my questions

Bidirectional socket communication and SSL_renegotiate.

Hi, The client and server that I have in my project runs in a simple 1 socket, blocking mode environment. The model is that of a typical producer-consumer one. The client produces data, sends it to the server. The server consumes it. Once in a while, the server sends a control message to the clien

Re: Password callback functions per SSL_use_PrivateKey_file

Steve, Thanks much for the reply. I did not realize that EVP_PKEY structures can have their own callbacks. It's a few extra hoops, but worth it! Thanks, Karthik On Wed, Jul 24, 2013 at 8:15 AM, Dr. Stephen Henson wrote: > On Tue, Jul 23, 2013, Karthik Krishnamurthy wrote: > >>

Password callback functions per SSL_use_PrivateKey_file

OpenSSL provides multiple SSL objects to be created from a single SSL_CTX object and each SSL object can use a different privatekey file (SSL_use_PrivateKey_file). Given this flexibility, I don't see an option to have a password callback function per SSL object. The callbacks are provided only on