RE: Differences in defaults between 1.0.2 and 1.1.1

2019-03-19 Thread Perrow, Graeme
On 19/03/2019 13:40, Perrow, Graeme wrote: > TLS: error: accept - force handshake failure: errno 11 - moznss error -12162 > > TLS: can't accept: TLS error -12162:Unsupported hash algorithm used by TLS > peer.. Just to confirm - you've not configured client authenticatio

Differences in defaults between 1.0.2 and 1.1.1

2019-03-19 Thread Perrow, Graeme
I have an LDAP server that accepts TLS connections, and I can make a connection to it using "openssl s_client -showcerts -host : -debug". The output shows this is a TLSv1.2 connection using ECDHE-RSA-AES128-SHA. This is using OpenSSL version 1.0.2j. If I run exactly the same command using the

Re: [openssl-users] openssl 1.0.2 and TLS 1.3

2018-09-11 Thread Perrow, Graeme
AFAIK 1.1.1 does not support the FIPS module, which means that those of us who require FIPS must stay on 1.0.2. Any ETA on when FIPS support might be added? Graeme -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: September 11, 2018 4:31 AM To:

[openssl-users] Can I rename the OpenSSL shared objects for FIPS?

2017-01-12 Thread Perrow, Graeme
We are shipping OpenSSL (1.0.2j) shared objects built with FIPS, which are automatically loaded when the application starts. But if our software directory is in the path (or LD_LIBRARY_PATH or platform equivalent) earlier than the system directories, then other applications that load OpenSSL

[openssl-users] PKI encryption failing on 32-bit Solaris

2016-11-05 Thread Perrow, Graeme
I have a small test program (source attached) that does a very simple PKI encrypt / decrypt. This program works on Windows, Linux, and Solaris (64-bit) but fails if I run a 32-bit version on Solaris 10. Solaris 11 is fine. If I use "./config -kPIC -m32 -xarch=sparc" to build OpenSSL, I get a

[openssl-users] Cannot initialize FIPS library in 1.0.2j but 1.0.2i is OK

2016-10-28 Thread Perrow, Graeme
I'm seeing a problem where my application cannot initialize the FIPS library (i.e. the call to FIPS_mode_set fails) when using 1.0.2j libraries. The error I get is: "FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:" However if I build 1.0.2i libraries, everything is fine. I

[openssl-users] Building FIPS-capable OpenSSL on Linux PPC64

2016-09-27 Thread Perrow, Graeme
I am trying to build FIPS OpenSSL libraries for Linux PPC64 but it does not seem possible. This has been raised before (link below) but I didn't see any resolution. http://openssl.6102.n7.nabble.com/BUG-FIPS-capable-OpenSSL-fails-to-build-on-Linux-PPC64-td66890.html I can build it if I run

Re: [openssl-users] Can RSA_private_decrypt succeed with the wrong padding?

2015-04-29 Thread Perrow, Graeme
On Wed, Apr 29, 2015 at 03:42:40PM +, Perrow, Graeme wrote: Apologies for the top-post; Outlook makes it hard to do anything else. Here is a small C++ reproducible. I am generating a key pair

Re: [openssl-users] Can RSA_private_decrypt succeed with the wrong padding?

2015-04-29 Thread Perrow, Graeme
On Sat, Apr 25, 2015 at 12:49:21AM +, Perrow, Graeme wrote: Using OpenSSL 1.0.1m on 64-bit Windows and Linux. I have implemented RSA encryption using the RSA_public_encrypt and RSA_private_decrypt

[openssl-users] Can RSA_private_decrypt succeed with the wrong padding?

2015-04-24 Thread Perrow, Graeme
Using OpenSSL 1.0.1m on 64-bit Windows and Linux. I have implemented RSA encryption using the RSA_public_encrypt and RSA_private_decrypt functions and various padding types. This is working fine except that in very rare cases, my test fails because decrypting succeeds when it should fail. I'm

[openssl-users] Build failure in 1.0.1k on Windows

2015-01-08 Thread Perrow, Graeme
I just downloaded 1.0.1k and when trying to build it on Windows (using Visual Studio 10.0), I get a compile error: .\crypto\cversion.c(80) : error C2065: 'cflags' : undeclared identifier .\crypto\cversion.c(80) : warning C4047: 'return' : 'const char *' differs in levels of indirection from

[openssl-users] Building a DLL that includes the FIPS static libraries

2014-12-09 Thread Perrow, Graeme
I am trying to build a Windows DLL that includes the static OpenSSL FIPS libraries. I built the FIPS libraries using the perl Configure fips --with-fipslibdir=... -no-shared and then nmake -f ms\nt.mak. I'm using openssl-fips-2.0.5, openssl-1.0.1j, and MS Visual Studio 2010. Now I'm trying to

32-bit Windows rebasing of OpenSSL FIPS library

2013-09-06 Thread Perrow, Graeme
I am having trouble loading the OpenSSL FIPS DLLs (2.0.5, using OpenSSL 1.0.1e) in my 32-bit Windows application. Most of the time I get a fingerprint does not match error from FIPS_mode_set but now and again, with no code changes, it succeeds. I have a feeling it has to do with rebasing and

OPENSSL_Uplink: no OPENSSL_Applink

2013-08-12 Thread Perrow, Graeme
On 32-bit Windows, I am seeing this error when trying to determine why the FIPS_mode_set(1) call is failing. I am building the OpenSSL FIPS module (OpenSSL 1.0.1e, OpenSSL FIPS 2.0.5), and I want to load it from another DLL which is itself loaded from an application. The application knows

OpenSSL FIPS library fingerprint doesn't match

2013-08-09 Thread Perrow, Graeme
I am building a DLL that includes the OpenSSL FIPS object module. This is on Windows using Visual Studio 10.0. I have the 64-bit version working fine but when I build a 32-bit version, the incore fingerprint fails to match when I load the DLL and call FIPS_mode_set(1). I had the same problem

RE: Using MD5 certificates in OpenSSL FIPS

2013-07-26 Thread Perrow, Graeme
If I do openssl x509 -in mycert.crt -text I see Signature Algorithm: sha1WithRSAEncryption. There's no mention of MD5 here but since OpenSSL is attempting to load it, I assume it's using the MD5-SHA1 combination. If that *is* permitted, why am I getting the disabled for FIPS error? Graeme

Using MD5 certificates in OpenSSL FIPS

2013-07-25 Thread Perrow, Graeme
I am using OpenSSL FIPS module 2.0.5 with OpenSSL 1.0.1e on Windows. After calling FIPS_mode_set(1), I cannot call SSL_CTX_use_RSAPrivateKey_file. When I debug into it, it is failing when trying to initialize MD5. Apparently the private key is encrypted with MD5. I was under the impression

OpenSSL FIPS library POST fails

2013-07-18 Thread Perrow, Graeme
I am trying to build a DLL that includes the OpenSSL FIPS Object Module, and then load that DLL from my application. This is on Windows 7 64-bit using Microsoft Visual Studio v10. The DLL is built successfully and my application can load it, but when I call the FIPS_mode_set(1) function, the