On 08/04/2015 02:06, Jeffrey Walton wrote:
On Tue, Apr 7, 2015 at 1:15 PM, David Rueter drue...@assyst.com wrote:
Is OpenSSL in its own DLL/DLLs?
Yes, the OpenSSL DLL’s libeay32.dll and ssleay32.dll are used, and in fact I
have updated them to 1.0.2a
Yes, performing my own build on these
You also have the option of using Thomas Hruska's Win32-OpenSSL at
https://slproweb.com/products/Win32OpenSSL.html.
Thomas makes 1.0.2a available for download on his site.
Not useful! Those are default builds with SSL3 enabled.
The suggestion was to buildOpenSSL with the unwanted
features
-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Monday, April 06, 2015 7:44 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Disable SSL3 and enable TLS1? / Ambiguous
DES-CBC3-SHA
On Mon, Apr 06, 2015 at 05:11:22PM -0700, David Rueter wrote:
I would like to disable SSL3
On 07/04/2015 17:09, David Rueter wrote:
You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
Yes, I admit I am not distinguishing between these. However, !SSLv3 in the
cipher list does evidently disable the SSLv3 protocol as well--as evidenced
by testing with
On Tue, Apr 07, 2015 at 08:09:31AM -0700, David Rueter wrote:
You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
Yes, I admit I am not distinguishing between these. However, !SSLv3 in the
cipher list does evidently disable the SSLv3 protocol as well--as evidenced
by testing
Dukhovni
Sent: Tuesday, April 07, 2015 8:32 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Disable SSL3 and enable TLS1? / Ambiguous
DES-CBC3-SHA
On Tue, Apr 07, 2015 at 08:09:31AM -0700, David Rueter wrote:
You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
Yes, I admit I
these.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jakob Bohm
Sent: Tuesday, April 07, 2015 9:57 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Disable SSL3 and enable TLS1? / Ambiguous
DES-CBC3-SHA
On 07/04/2015 17:09, David Rueter wrote:
You're
On Tue, Apr 7, 2015 at 1:15 PM, David Rueter drue...@assyst.com wrote:
Is OpenSSL in its own DLL/DLLs?
Yes, the OpenSSL DLL’s libeay32.dll and ssleay32.dll are used, and in fact I
have updated them to 1.0.2a
Yes, performing my own build on these DLL’s is an option, and I may pursue
it. I
...@openssl.org] On Behalf Of
James
Sent: Monday, April 06, 2015 6:45 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Disable SSL3 and enable TLS1? / Ambiguous
DES-CBC3-SHA
Hi,
Can you try this option
SSL_CTX_set_options(m_SslCtx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
instead of disabling
I would like to disable SSL3 (to prevent POODLE attacks), but I would like
to leave TLS1 enabled (particularly DES-CBC3-SHA, AES128-SHA and
AES256-SHA).
However disabling SSL3 with !SSLv3 disables TLSv1 also. Furthermore,
disabling SSL3 with -SSLv3 then adding in individual ciphers such as
Hi,
Can you try this option
SSL_CTX_set_options(m_SslCtx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
instead of disabling using the cipher list
regards,
James Arivazhagan
On Tue, Apr 7, 2015 at 5:41 AM, David Rueter drue...@assyst.com wrote:
I would like to disable SSL3 (to prevent POODLE
On Mon, Apr 06, 2015 at 05:11:22PM -0700, David Rueter wrote:
I would like to disable SSL3 (to prevent POODLE attacks), but I would like
to leave TLS1 enabled (particularly DES-CBC3-SHA, AES128-SHA and
AES256-SHA).
You're confusing SSLv3 the protocol, with SSLv3 ciphersuites. To disable
the
Hi,
Some time back, to fix POODLE, I tried to fix with cipher suite, but still
I can use the the protocol SSLv3.
The server responds with
openssl s_client -connect ip:port -ssl3
So The fix should come using SSL_CTX_set_options. I understand since you
are using the compiled binary, you may not be
13 matches
Mail list logo
