Re: [EXTERNAL] Re:

2021-09-20 Thread Shivakumar Poojari
Thanks Matt! From: openssl-users on behalf of Matt Caswell Sent: Monday, September 20, 2021 7:43 PM To: openssl-users@openssl.org Subject: [EXTERNAL] Re: On 20/09/2021 14:59, Shivakumar Poojari wrote: > But how do i manage "f" paramater which i

Re: [EXTERNAL] Re: Unusual certificates

2020-06-25 Thread Erwann Abalea via openssl-users
The second certificate seems garbaged at the 4th RDN of the issuerName. The Base64 edition might have added or deleted some characters. Regards, Erwann Abalea On 25/06/2020 16:00, "openssl-users on behalf of Angus Robertson - Magenta Systems Ltd" wrote: More information, the origi

Re: [EXTERNAL] Re: Unusual certificates

2020-06-25 Thread Angus Robertson - Magenta Systems Ltd
> The second certificate seems garbaged at the 4th RDN of the > issuerName. > The Base64 edition might have added or deleted some characters. Sorry, looks like my manual word wrapping lost a character: -BEGIN CERTIFICATE- MIIHbDCCBVSgAwIBAgIIO7L2MrGOOTMwDQYJKoZIhvcNAQELBQAwgYAxCzAJBgNV

Re: [External] : Re: BIO_read() crash

2022-12-05 Thread Thomas Dwyer III
Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider isn't loaded? Similarly, why does it return non-NULL for "md5" after doing EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive. Legacy code that does not know about EVP_MD_fetch() checks the return valu

Re: [External] : Re: BIO_read() crash

2022-12-05 Thread Benjamin Kaduk via openssl-users
On Mon, Dec 05, 2022 at 11:31:18AM -0800, Thomas Dwyer III wrote: > Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider > isn't loaded? Similarly, why does it return non-NULL for "md5" after doing > EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive. Legacy

Re: [External] : Re: BIO_read() crash

2022-12-06 Thread Tomas Mraz
On Mon, 2022-12-05 at 16:14 -0800, Benjamin Kaduk via openssl-users wrote: > On Mon, Dec 05, 2022 at 11:31:18AM -0800, Thomas Dwyer III wrote: > > Why does EVP_get_digestbyname("md4") return non-NULL if the legacy > > provider > > isn't loaded? Similarly, why does it return non-NULL for "md5" > > a

RE: EXTERNAL: Re: RE: OpenSSL 1.0.1a

2012-04-25 Thread Spence, Thomas CIV USAF AFDW 844 CS/SCOX
@openssl.org Cc: Spence, Thomas CIV USAF AFDW 844 CS/SCOX Subject: EXTERNAL: Re: RE: OpenSSL 1.0.1a On 01/-10/-28163 08:59 PM, Spence, Thomas CIV USAF AFDW 844 CS/SCOX wrote: > I am using AIX 5.3 with gcc 4.3.5. > ld: 0711-317 ERROR: Undefined symbol: OPENSSL_ia32cap_P I had the same proble

Re: EXTERNAL: Re: RE: OpenSSL 1.0.1a

2012-04-25 Thread Dr. Stephen Henson
On Wed, Apr 25, 2012, Spence, Thomas CIV USAF AFDW 844 CS/SCOX wrote: > Million THANKS! I never knew about SNAP! > > Okay I did try 3 files: > > openssl-1.0.1-stable-SNAP-20120425.tar.gz (OpenSSL 1.0.1b-dev) > openssl-1.0.2-stable-SNAP-20120425.tar.gz (OpenSSL 1.0.2-dev) > openssl-SNAP-20120425

RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-15 Thread Sands, Daniel via openssl-users
We do have generated the key using EVP_PKEY_gen as suggested in earlier emails, but since this was a non-ephemeral and we wanted to store the key in "raw" octet bytes, so we did extracted the whole DH priv/pub key pair out from the key generated via EVP_PKEY_gen ( using as suggested… EVP_PKEY

RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-16 Thread Narayana, Sunil Kumar
a, Sunil Kumar ; openssl-users@openssl.org Subject: RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0 NOTICE: This email was received from an EXTERNAL sender We do have generated the key using EVP_PKEY_gen as suggested in e

RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-16 Thread Sands, Daniel via openssl-users
Hi Daniel, Thanks we will try it out. One more doubt regarding DH_generate_key, as per earlier suggestion we tried following changes to replicate the generate key, but we observe that the out put key is not matching with the one that is obtained by DH_generate_key() of older ver

RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-17 Thread Sands, Daniel via openssl-users
From: Narayana, Sunil Kumar Sent: Thursday, December 17, 2020 8:17 AM To: Sands, Daniel ; openssl-users@openssl.org Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0 Hi, For the equivalent replacement of DH_compute_key in 3.0, we tried to perform the steps

RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Sands, Daniel via openssl-users
> >> Now I would like to do the other end, where I have der and I want to > >> parse back to the structure, using d2i() > >> > >> 1 - Is there a tutorial on this? > > > > Seems like you don't need one. If you got i2d working you should have d2i > already! > > > > I wasn't clear. The input and out

Re: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Ken Goldman
On 8/17/2021 12:57 PM, Sands, Daniel via openssl-users wrote: Now I would like to do the other end, where I have der and I want to parse back to the structure, using d2i() 1 - Is there a tutorial on this? Seems like you don't need one. If you got i2d working you should have d2i already! I

RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Sands, Daniel via openssl-users
> My latest attempt to code the below DER is this. It compiles, but the d2i > segfaults on apparently the second element. > > Anything obviously wrong? > > typedef struct { > ASN1_INTEGER *version; > ASN1_INTEGER *serialNumber; > X509_ALGOR *signature; > X509_PUBKEY *key; >

Re: [EXTERNAL] Re: Replacement for BIO_get_port(), BIO_get_host_ip()

2021-09-27 Thread Shivakumar Poojari
_get_host_ip() itself in openssl version 1.0.1 Please suggest the alternative function, or some suggestions to move forward . Thanks, Shivakumar From: Jordan Brown Sent: Friday, September 24, 2021 9:40 PM To: Shivakumar Poojari Subject: [EXTERNAL] Re: Replacement for

Re: [EXTERNAL] Re: Replacement for BIO_get_port(), BIO_get_host_ip()

2021-10-07 Thread Shivakumar Poojari
both thanks, Shivakumar. From: Matt Caswell Sent: Monday, September 27, 2021 3:05 PM To: Shivakumar Poojari ; openssl-users@openssl.org Cc: Paramashivaiah, Sunil Subject: [EXTERNAL] Re: Replacement for BIO_get_port(), BIO_get_host_ip() On 24/09/2021 07:05

Re: [EXTERNAL] Re: Replacement for BIO_get_port(), BIO_get_host_ip()

2021-10-07 Thread Matt Caswell
. *From:* Matt Caswell *Sent:* Monday, September 27, 2021 3:05 PM *To:* Shivakumar Poojari ; openssl-users@openssl.org *Cc:* Paramashivaiah, Sunil *Subject:* [EXTERNAL] Re: Replacement for BIO_get_port(), BIO_get_host_ip() On 24/09/2021 07:05, Shivakumar Poojari wrote: Hi

Re: [EXTERNAL] Re: bignum to evp key

2022-03-04 Thread Tomas Mraz
mat. > From: Tomas Mraz > Sent: Friday, March 4, 2022 2:56 PM > To: Srinivas, Saketh (c) ; > openssl-users@openssl.org > Subject: [EXTERNAL] Re: bignum to evp key  > There is no straightforward way to do that. What do you want to do > with > the public and private EVP_PKE

Re: [EXTERNAL] Re: bignum to evp key

2022-03-04 Thread Tomas Mraz
> > From: Tomas Mraz > Sent: Friday, March 4, 2022 3:24 PM > To: Srinivas, Saketh (c) > Cc: openssl-users > Subject: Re: [EXTERNAL] Re: bignum to evp key  > This is for some kind of artificial example code, isn't it? Because > in > a real world application of a DH/EC

RE: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread Joe Carroll
Windows 10 perl Configure VC-WIN64A -Original Message- From: Richard Levitte [mailto:levi...@openssl.org] Sent: Thursday, July 1, 2021 8:25 AM To: Joe Carroll Cc: openssl-users@openssl.org Subject: [EXTERNAL] Re: GNU Make erroring on makefile How did you configure, and on what

Re: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread Matt Caswell
w and mingw64" in NOTES.WIN. Matt -Original Message- From: Richard Levitte [mailto:levi...@openssl.org] Sent: Thursday, July 1, 2021 8:25 AM To: Joe Carroll Cc: openssl-users@openssl.org Subject: [EXTERNAL] Re: GNU Make erroring on makefile How did you configure, and on what pla

RE: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread Joe Carroll
Thanks Matt. That clears it up. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Thursday, July 1, 2021 9:40 AM To: openssl-users@openssl.org Subject: Re: [EXTERNAL] Re: GNU Make erroring on makefile On 01/07/2021 15

Re: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread David von Oheimb
l Message- > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Matt Caswell > Sent: Thursday, July 1, 2021 9:40 AM > To: openssl-users@openssl.org > Subject: Re: [EXTERNAL] Re: GNU Make erroring on makefile > > > On 01/07/2021 15:06, Joe Carro

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Shivakumar Poojari
: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0 Hello, there is no direct replacement. The ENGINEs as a pluggable crypto modules concept is replaced with the providers concept which is much more sophisticated and capable. Please look at https://clicktime.symantec.com/3NTnN1ZFia2bCryEiZnkRmY6H2

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Tomas Mraz
he > providers > > Thanks, > shiva kumar  > From: Tomas Mraz > Sent: Wednesday, September 8, 2021 7:00 PM > To: Shivakumar Poojari ; > openssl-users@openssl.org > Cc: Paramashivaiah, Sunil ; > Bhattacharjee, Debapriyo (c) > Subject: [EXTERNAL] Re: ENGINE API rep

RE: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Petr Gotthard
kumar Poojari ; openssl-users@openssl.org Cc: Paramashivaiah, Sunil ; Bhattacharjee, Debapriyo (c) Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0 I am sorry but as I said providers are not a direct replacement for ENGINEs. It is a completely different implementation of the

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Matt Caswell
priyo (c) Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0 I am sorry but as I said providers are not a direct replacement for ENGINEs. It is a completely different implementation of the same concept of pluggable cryptographical modules for OpenSSL. You can look at the OpenSSL m

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Kris Kwiatkowski
sday, September 15, 2021 2:18 PM >> To: Shivakumar Poojari ; >> openssl-users@openssl.org >> Cc: Paramashivaiah, Sunil ; Bhattacharjee, >> Debapriyo (c) >> Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0 >> >> I am sorry but as I said providers are no

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Matt Caswell
(as far as I know) the most simple provider implementation available. Petr -Original Message- From: openssl-users On Behalf Of Tomas Mraz Sent: Wednesday, September 15, 2021 2:18 PM To: Shivakumar Poojari;openssl-users@openssl.org Cc: Paramashivaiah, Sunil; Bhattacharjee, Debapriyo (c) Sub

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Matt Caswell
Sent: Wednesday, September 15, 2021 2:18 PM To: Shivakumar Poojari;openssl-users@openssl.org Cc: Paramashivaiah, Sunil; Bhattacharjee, Debapriyo (c) Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0 I am sorry but as I said providers are not a direct replacement for EN

Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

2021-09-15 Thread Kris Kwiatkowski
>> https://github.com/openssl/openssl/blob/master/providers/legacyprov.c >>>> >>>> Matt >>>> >>>> On 15/09/2021 13:26, Petr Gotthard wrote: >>>>> Shiva, >>>>> you may also have a look at >>>>> the https://gith

Re: [EXTERNAL] Re: Need Replacement for Deprecated function.

2021-12-01 Thread Shivakumar Poojari
//////// From: openssl-users on behalf of Matt Caswell Sent: Monday, November 29, 2021 8:40 PM To: openssl-users@openssl.org Subject: [EXTERNAL] Re: Need Replacement for Deprecated function. On 29/11

Re: [EXTERNAL] Re: Need Replacement for Deprecated function.

2021-12-01 Thread Matt Caswell
rams into DH params"); break; } break; } #endif /* !OPENSSL_NO_DSA */ if (dh == NULL) { wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "   "'%s'", dh_file); return -1; //// -------

Re: [EXTERNAL] Re: Need Replacement for Deprecated function

2021-12-12 Thread Shivakumar Poojari
From: Matt Caswell Sent: Monday, December 6, 2021 7:19 PM To: Shivakumar Poojari ; openssl-users@openssl.org Cc: Amballi, Kishor ; Bhattacharjee, Debapriyo (c) ; Kumar Mishra, Sanjeev Subject: [EXTERNAL] Re: Need Replacement for Deprecated function On 06/12/2021 12:26, Shivakumar Poojari wro

Re: [openssl-users] [EXTERNAL] Re: error making Private RSA

2017-03-09 Thread Sands, Daniel
First, to get intelligible text errors, replace your initial call with ERR_load_crypto_strings(). The ERR_load_ERR_strings call doesn't even seem to be documented, likely because it only loads the strings associated with the ERR API, and you likely need PEM and BIO error strings. When I did this,

Re: [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & ERR_get_error_line_data() for openssl3.0

2021-09-06 Thread Shivakumar Poojari
att Caswell Sent: Friday, September 3, 2021 1:25 PM To: Shivakumar Poojari ; openssl-users@openssl.org Cc: Paramashivaiah, Sunil ; Bhattacharjee, Debapriyo (c) Subject: [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & ERR_get_error_line_data() for openssl3.0 On 03/09/2021 05:58, Shi

Re: [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & ERR_get_error_line_data() for openssl3.0

2021-09-06 Thread Matt Caswell
--- *From:* Matt Caswell *Sent:* Friday, September 3, 2021 1:25 PM *To:* Shivakumar Poojari ; openssl-users@openssl.org *Cc:* Paramashivaiah, Sunil ; Bhattacharjee, Debapriyo (c) *Subject:* [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & ERR_get_error_line_data() for ope

Re: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

2021-10-05 Thread Shivakumar Poojari
Thanks Matt!! your suggestions are very helpful. From: Matt Caswell Sent: Tuesday, October 5, 2021 1:20 PM To: Shivakumar Poojari ; openssl-users@openssl.org Cc: Paramashivaiah, Sunil ; Kumar Mishra, Sanjeev ; Bhattacharjee, Debapriyo (c) Subject: [EXTERNAL

Re: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

2021-10-08 Thread Shivakumar Poojari
ttacharjee, Debapriyo (c) Subject: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX On 05/10/2021 05:24, Shivakumar Poojari wrote: > :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'} > if (x->ocsp && x->ocs

Re: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

2021-10-08 Thread Matt Caswell
ee, Debapriyo (c) *Subject:* [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX On 05/10/2021 05:24, Shivakumar Poojari wrote: :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}        if (x->ocsp && x->ocsp->ocsp_url)

Re: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

2021-10-10 Thread Shivakumar Poojari
ify_cb = X509_STORE_get_verify_cb(ctx); Thanks Shiva kumar From: Matt Caswell Sent: Friday, October 8, 2021 8:41 PM To: Shivakumar Poojari ; openssl-users@openssl.org Cc: Paramashivaiah, Sunil ; Kumar Mishra, Sanjeev ; Bhattacharjee, Debapriyo (c) Subject: Re: [EXTERN

Re: [EXTERNAL] Re: does Openssl 3.0 has backward compatiblity.

2022-02-10 Thread Tomas Mraz
i set this return value. > > thanks, > Saketh. > From: Tomas Mraz > Sent: Wednesday, February 9, 2022 4:59 PM > To: Srinivas, Saketh (c) ; > openssl-users@openssl.org > Subject: [EXTERNAL] Re: does Openssl 3.0 has backward compatiblity.  > The PKCS12 files use algorithms

RE: [EXTERNAL] RE: enforcing mutual auth from the client

2022-09-01 Thread Sands, Daniel via openssl-users
> > It is not clear what threat model warrants taking special action when > > the client certificate is not requested. It could equally be > > requested and then largely ignored. > > A client in a highly secured network knows that every server it connects to > will > require a client certificate

Re: [EXTERNAL] RE: enforcing mutual auth from the client

2022-09-02 Thread Sands, Daniel via openssl-users
On Fri, 2022-09-02 at 00:22 +, Wall, Stephen wrote: > > A compromised server could easily still request the client > > certificate, no? > > But as noted, even a compromised server can ask for client > > credentials and then > > Yes, that's true. If the intruder knew to do so. Also, a thief c

Re: [openssl-users] [External] Re: Correct the check of RSA_FLAG_SIGN_VER

2018-04-04 Thread Eichenberger, John
@openssl.org Subject: [External] Re: [openssl-users] Correct the check of RSA_FLAG_SIGN_VER In message on Tue, 3 Apr 2018 22:55:06 +, "Eichenberger, John" said: John.Eichenberger> Honeywell Internal John.Eichenberger> John.Eichenberger> I think I have an answer for why th

Re: [openssl-users] [External] Re: Correct the check of RSA_FLAG_SIGN_VER

2018-04-06 Thread Eichenberger, John
henberger Intermec by Honeywell Principal Engineer: Sustaining Engineering 425.921.4507 -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Eichenberger, John Sent: Wednesday, April 04, 2018 9:07 AM To: openssl-users@openssl.org Subject: Re: [openssl

Re: [EXTERNAL] Re: odd error for ECDSA key in REQ.

2020-08-10 Thread Erwann Abalea via openssl-users
The key itself is good. Its encoding in the CSR isn't. Looks like the public key was X9.62 encoded in its uncompressed form (i.e. start with a 04 octet, and then the octets composing the x and y coordinates), and then wrapped into an ASN.1 OCTET STRING (i.e. use the 04 tag, plus a 0x41 length, a

RE: [EXTERNAL] Re: Not able to perform FIPS self-tests

2022-02-10 Thread Gahlot, Ashish Kumar
<THIS FAILS syslog(LOG_NOTICE, "%s %s", phase, desc); return 0; } ret = 1; err: return ret; } Thanks, Ashish From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, February 8, 2022 1:35 PM To: openssl-users@openssl.org Subject:

Re: [EXTERNAL] Re: Not able to perform FIPS self-tests

2022-02-10 Thread pauli
s *On Behalf Of *Dr Paul Dale *Sent:* Tuesday, February 8, 2022 1:35 PM *To:* openssl-users@openssl.org *Subject:* [EXTERNAL] Re: Not able to perform FIPS self-tests Have you considered using the provided for this: OSSL_PROVIDER_self_test()? https://www.openssl.org/docs/man3.0/man3/OSSL_PROVID

Re: [EXTERNAL] Re: Not able to perform FIPS self-tests

2022-02-15 Thread Dr Paul Dale
// <--THIS FAILS     syslog(LOG_NOTICE, "%s %s", phase, desc);     return 0;     }     ret = 1; err:     return ret; } Thanks, Ashish *From:* openssl-users *On Behalf Of *Dr Paul Dale *Sent:* Tuesday, February 8, 2022 1:35 PM *To:* openssl-us

RE: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-23 Thread Helde, Paavo via openssl-users
3. märts 2022 13:55 To: Helde, Paavo ; openssl-users@openssl.org Subject: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi Use caution when opening links or attachments. On 23/03/2022 07:39, Helde, Paavo via openssl-users wrote: > Hi, > > We are in a

Re: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-23 Thread Matt Caswell
On 23/03/2022 12:39, Helde, Paavo via openssl-users wrote: It would be interesting to see what output you get from s_client when you use the "-trace" argument. Also, is this TLSv1.3 specific? If you add the argument "-no_tls1_3" to s_client does it start working? Thanks for looking into th

RE: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-23 Thread Helde, Paavo via openssl-users
> Some things you could try: > - Do you have an alternative compiler you could use? If its a compiler bug > then swapping to a different compiler might resolve it Compiler is regular gcc 10.2.1. > - I notice that you are using the latest master version 3.1.0-dev. The master > branch is where al

Re: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-23 Thread Matt Caswell
On 23/03/2022 14:00, Helde, Paavo wrote: - I notice that you are using the latest master version 3.1.0-dev. The master branch is where all dev work goes on and consequently may be unstable. You might be better off using the latest 3.0 stable version, i.e. 3.0.2 Thanks Matt, downgrading to

RE: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-23 Thread Helde, Paavo via openssl-users
> Great! That does suggest an unknown bug exists in master though... > >If you can manage it would be useful for us if you tried the latest master >version of OpenSSL with the "no-asm" config option. My guess is new assembler >code might be the cause of this. If turning off assembler resolves the

Re: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-24 Thread Matt Caswell
On 23/03/2022 18:08, Helde, Paavo wrote: Great! That does suggest an unknown bug exists in master though... If you can manage it would be useful for us if you tried the latest master version of OpenSSL with the "no-asm" config option. My guess is new assembler code might be the cause of thi

Re: [EXTERNAL] Re: need some help with the block size value

2022-02-15 Thread Srinivas, Saketh (c)
i am using openssl 3.0 From: openssl-users on behalf of Matt Caswell Sent: Tuesday, February 15, 2022 6:45 PM To: openssl-users@openssl.org Subject: [EXTERNAL] Re: need some help with the block size value On 15/02/2022 12:13, Srinivas, Saketh (c) wrote: >

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-11-30 Thread Sands, Daniel via openssl-users
On Fri, 2018-11-30 at 23:55 +, Michael Wojcik wrote: > > "Self-signed certificate in certificate chain" does not to me > > > convey "No > > > certificate hash links" (or "CA certificate not found in hash > > > links"). > > > Viktor's points are all good ones, but considering how often this > p

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-11-30 Thread Viktor Dukhovni
> On Nov 30, 2018, at 7:33 PM, Sands, Daniel via openssl-users > wrote: > >> Viktor's points are all good ones, but considering how often this >> particular message causes confusion for users and developers (at >> least in my experience), I wonder whether changing the text to >> "Untrusted self-

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: Friday, November 30, 2018 18:38 > > Are there compatibility concerns around changing error message > text for which users may have created regex patterns in scripts? > > I agree the text could be

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Viktor Dukhovni
On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote: > > Are there compatibility concerns around changing error message > > text for which users may have created regex patterns in scripts? > > > > I agree the text could be better, but not sure in what releases > > if any to change the t

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-02 Thread Daniel Kahn Gillmor
On Fri 2018-11-30 20:38:01 -0500, Viktor Dukhovni wrote: > Are there compatibility concerns around changing error message > text for which users may have created regex patterns in scripts? I advocate making the error message in english more comprehensible. Michael Wojcik's suggestion of "Untruste

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: Saturday, December 01, 2018 13:53 > > On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote: > > > > Are there compatibility concerns around changing error message > > > text for which u

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Charles Mills
boun...@openssl.org] On Behalf Of Michael Wojcik Sent: Monday, December 3, 2018 7:22 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath > From: openssl-users [mailto:openssl-users-boun...@openssl.or

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Sands, Daniel via openssl-users
On Sat, 2018-12-01 at 15:53 -0500, Viktor Dukhovni wrote: > On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote: > > > > Are there compatibility concerns around changing error message > > > text for which users may have created regex patterns in scripts? > > > > > > I agree the text co

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Charles Mills > Sent: Monday, December 03, 2018 10:53 > > I appreciate it. OpenSSL is of course a great product but it can be a little > mystifying to debug. If I were ever to write a book about OpenSSL, "a great produ

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Viktor Dukhovni
> On Dec 3, 2018, at 1:47 PM, Sands, Daniel via openssl-users > wrote: > > Just wondering, is there a different error for an untrusted cross- > signed root? If it's the same error, then maybe remove "self-signed" > from the above message too, because that would not always be the case > either.

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Charles Mills
users-boun...@openssl.org] On Behalf Of Michael Wojcik Sent: Monday, December 3, 2018 10:58 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath > From: openssl-users [mailto:openssl-users-boun...@openssl.o

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-04 Thread Jakob Bohm via openssl-users
On 01/12/2018 21:53, Viktor Dukhovni wrote: On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote: Are there compatibility concerns around changing error message text for which users may have created regex patterns in scripts? I agree the text could be better, but not sure in what rel

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-04 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm via openssl-users > Sent: Tuesday, December 04, 2018 08:15 > > Care to create a PR against the "master" branch? Something > > along the lines of: > > > > "Provided chain ends with untrusted self-signed

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-04 Thread Blumenthal, Uri - 0553 - MITLL
> "Provided chain ends with unknown self-signed certificate". I like this. IMHO "unrecognized" would be more confusing. I hope the team makes up their mind quickly. On 12/4/18, 6:17 PM, "openssl-users on behalf of Michael Wojcik" wrote: > From: openssl-users [mailto:openssl-users-

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-04 Thread Viktor Dukhovni
On Tue, Dec 04, 2018 at 04:15:11PM +0100, Jakob Bohm via openssl-users wrote: > > Care to create a PR against the "master" branch? Something > > along the lines of: > > > > "Provided chain ends with untrusted self-signed certificate" > > > > or better. Here "untrusted" might mean not truste

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-06 Thread Jakob Bohm via openssl-users
On 05/12/2018 00:50, Viktor Dukhovni wrote: On Tue, Dec 04, 2018 at 04:15:11PM +0100, Jakob Bohm via openssl-users wrote: Care to create a PR against the "master" branch? Something along the lines of: "Provided chain ends with untrusted self-signed certificate" or better. Here "untrus

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-04 Thread Yury Mazin via openssl-users
From: Benjamin Kaduk Sent: Thursday, September 3, 2020 5:12 PM To: Yury Mazin Cc: openssl-users@openssl.org Subject: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option On Thu, Sep 03, 2020 at 11:45:28PM +, Yury Mazin via openssl-users wrote: > He

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-04 Thread Viktor Dukhovni
On Fri, Sep 04, 2020 at 07:00:01PM +, Yury Mazin via openssl-users wrote: > Thank you Benjamin, > > According to OpenSSL , aNULL stands for no-authentication. Specifically, SSL 3.0 through TLS 1.2 ciphers in which the server and client exchange no certificates, and the TLS handshake consists

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-04 Thread Yury Mazin via openssl-users
Viktor, Thank you for clarifying it. Yury From: openssl-users on behalf of Viktor Dukhovni Sent: Friday, September 4, 2020 12:10 PM To: openssl-users@openssl.org Subject: Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option On Fri

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-08 Thread Yury Mazin via openssl-users
Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD From: Yury Mazin Sent: Friday, September 4, 2020 12:43 PM To: openssl-users@openssl.org Subject: Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL optio

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-08 Thread Tomas Mraz
openssl-users@openssl.org > Subject: Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl > -cipher aNULL option > > On Fri, Sep 04, 2020 at 07:00:01PM +, Yury Mazin via openssl- > users wrote: > > > Thank you Benjamin, > > > > According to OpenSSL

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-08 Thread Viktor Dukhovni
On Tue, Sep 08, 2020 at 05:39:51PM +, Yury Mazin via openssl-users wrote: > I have a question based on the response provided to me: > > My question is why following openssl commands (version 1.1.1f) return > those TLSv1.3 ciphers as offering no authentication and no encryption? It does not.

Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-08 Thread Yury Mazin via openssl-users
Viktor, Thank you. Yury From: openssl-users on behalf of Viktor Dukhovni Sent: Tuesday, September 8, 2020 10:56 AM To: openssl-users@openssl.org Subject: Re: [EXTERNAL] - Re: Question about TLS 1.3 and openssl -cipher aNULL option On Tue, Sep 08, 2020 at

RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3

2022-06-29 Thread Ramaiah, Ravichandran Bagalur
; openssl-users@openssl.org Subject: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3 On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote: > > *SSL error (78c0100): malloc failure Do you get anything in the OpenSSL error stack for this (e.g. try "ERR_prin

RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3

2022-06-29 Thread Ramaiah, Ravichandran Bagalur
_ From: Ramaiah, Ravichandran Bagalur Sent: Wednesday, June 29, 2022 12:55 PM To: Matt Caswell ; openssl-users@openssl.org Subject: RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3 Hi Matt, Below is the error I got

Re: [TLS] [lamps] [EXTERNAL] Re: Q: Creating CSR for encryption-only cert?

2022-11-20 Thread Nico Williams
On Thu, Oct 06, 2022 at 05:09:21PM +, John Gray wrote: > For a use case like an HSM or TPM where private keys can never leave > rules out option 1 (plus who wants to send their private key anyway > unless it is for server backup or escrow purposes). Option 3 would > work but is bad for CT log

Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-15 Thread Sands, Daniel
On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: Hi Matt, >If you *are* using 1.1.0 then the default digest was changed between 1.0.2 and >1.1.0. Awesome thought, but I'm also using 1.0.2: $ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 (I also tried adding -md md5 to the previous command,

Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-15 Thread Chris B
Hi Daniel, >Option #1 from the possibilities you mentioned below seems to be the most logical to me. Thank you, that's very helpful. Thanks, Chris On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel wrote: > On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: > > Hi Matt, > > >If you *are* using 1.1.

Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-18 Thread Chris B
Thank you to everyone that has weighed in on my question. Unfortunately, I have yet to find an answer that I'm fully satisfied with. I'm trying a different approach: I would like to create a sample encrypted Ethereum private key that shares the same 132 character PEM format as the string I'm tryi

RE: [EXTERNAL] Re: Can OpenSSL handle multiple authentication mechanisms on the same SSL context?

2021-06-21 Thread Revestual, Raffy [AUTOSOL/PSS/MNL]
OL/PSS/MNL] Cc: openssl-users@openssl.org Subject: [EXTERNAL] Re: Can OpenSSL handle multiple authentication mechanisms on the same SSL context? On Tue, Jun 22, 2021 at 04:18:25AM +, Revestual, Raffy [AUTOSOL/PSS/MNL] wrote: > Also asked this question in stackoverflow.com > > h

RE: [EXTERNAL] RE: Can OpenSSL handle multiple authentication mechanisms on the same SSL context?

2021-06-27 Thread Revestual, Raffy [AUTOSOL/PSS/MNL]
AUTOSOL/PSS/MNL] Subject: [EXTERNAL] RE: Can OpenSSL handle multiple authentication mechanisms on the same SSL context? > We are trying to support a server that would support PSK and SRP > authentication mechanisms. [...] > Would multiple callbacks for different mechanisms work simul

Re: [External] : Re: OpenSSL 3.0.0 two tests fail on Solaris 10 SPARC64 ( Oracle/Fujitsu )

2021-09-13 Thread Jan Lana
On Sat, Sep 11, 2021 at 09:43:56PM -0700, Erik Forsberg wrote: Must be SPARC-specific, all tests pass on my x86/x64 Solaris 11.4 using latest GCC (11.2) according to the latest buildbot results the tests pass https://fips.buildbot.openssl.org/#/builders/45/builds/370/steps/5/logs/stdio 61

RE: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Paramashivaiah, Sunil
penssl.org Subject: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0 On 25/10/2021 05:45, Paramashivaiah, Sunil wrote: > Hi All, > > I need get APIs for accessing the members of EVP_PKEY. > Please suggest APIs to get following members of EVP_P

Re: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Matt Caswell
{ ecGrpId = EC_GROUP_get_curve_name(evpKey->pkey.ec->group); /* some code follows*/ Thanks and Regards, Sunil -Original Message- From: Matt Caswell Sent: Monday, October 25, 2021 2:23 PM To: Paramashivaiah, Sunil ; openssl-user

RE: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-27 Thread Paramashivaiah, Sunil
rom: Matt Caswell Sent: Monday, October 25, 2021 3:03 PM To: Paramashivaiah, Sunil ; openssl-users@openssl.org Cc: Kumar Mishra, Sanjeev Subject: Re: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0 Caveat: I've not tested or compiled the following...but so

Re: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-28 Thread Matt Caswell
.html Matt Please let me know the Openssl 3.0 API's for the same. Thanks and Regards, Sunil -Original Message- From: Matt Caswell Sent: Monday, October 25, 2021 3:03 PM To: Paramashivaiah, Sunil ; openssl-users@openssl.org Cc: Kumar Mishra, Sanjeev Subject: Re: [EXTERNAL]

Re: [openssl-users] [EXTERNAL] Re: SOLVED --- ASN.1: Parsing a 'context-specific' class (or app/private class)

2015-09-02 Thread Sands, Daniel
> Well at first sight that looks like an IMPLICIT tag which replaces > the normal > tag with the context specific value. It is not possible to determine > the > underlying type from the encoding itself as it has been replaced. So > you need > the ASN.1 spec to see the appropriate type to use. > >

Re: [openssl-users] [EXTERNAL] Re: SOLVED --- ASN.1: Parsing a 'context-specific' class (or app/private class)

2015-09-02 Thread Dr. Stephen Henson
On Wed, Sep 02, 2015, Sands, Daniel wrote: > > Well at first sight that looks like an IMPLICIT tag which replaces > > the normal > > tag with the context specific value. It is not possible to determine > > the > > underlying type from the encoding itself as it has been replaced. So > > you need >