Re: Information on Build.info

A very simple answer would be to have 'no-shared' as a configuration option. That does mean that no shared libraries will be built, and that might not be satisfactory. Any, for the question "what would happen?" is that any program or module that get this change will be linked with the static lib

Re: Information on Build.info

Have you tried it? It's the simplest way to find out what would happen, though it's a very strange thing to do. It's almost certainly not the best way to do whatever you're trying to do. If you take a step back and tell us what you are trying to achieve overall you'll be more likely to get use

Information on Build.info

Hi, Actually I wanted to know how build.info file in each directory such as apps, engines etc, will used generate the Make file, what would happen If I wanted to change the build.info file 1) in openssl/*apps/build.info * what would happen if I change *DEPEND[openssl]=libapps.a

Requesting information regarding OpenSSL upgrade

Hi All, We are currently using OpenSSL version 1.0.2j. Since OpenSSL 1.0.2 support is going to be stopped by end of this year, we are planning to upgrade to 1.1.1c version. We are using Compiler GCC 3.4.3 in Linux and vc6 in Windows. Can we go ahead with these compiler versions while upgra

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

to TLBleed? Specifically? Not much. It goes more to the general principle that systems leak information as they do work. Ultimately it comes down to thermodynamics, and you never bet against thermodynamics. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

s complicated and likely to be durable. > What does this confirm (or not confirm) about openssl's vulnerability > (or knowable status) to TLBleed? Specifically? Not much. It goes more to the general principle that systems leak information as they do work. Ultimately it comes down to

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

On 07/27/2018 01:44 PM, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: Friday, July 27, 2018 11:52 And once you have done all that work to protect the cryptographic library, the CPU vulnerability still allows the attacker to o

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Friday, July 27, 2018 11:52 > > And once you have done all that work to protect the cryptographic > library, the CPU vulnerability still allows the attacker to observer > the non-cryptographic applica

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

On 27/07/2018 16:20, Michael R. Hines via openssl-users wrote: On 07/27/2018 09:12 AM, Michael Wojcik wrote: We're trying to decide if we can avoid disabling hyperthreading, as our measurements show that the performance losses (even with integer workloads) are significant. Might anyone be ab

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

On 07/27/2018 09:12 AM, Michael Wojcik wrote: We're trying to decide if we can avoid disabling hyperthreading, as our measurements show that the performance losses (even with integer workloads) are significant. Might anyone be able to comment on this particular type of attack in OpenSSL? Ce

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

> From: Michael R. Hines [mailto:mrhi...@digitalocean.com] > Sent: Friday, July 27, 2018 07:48 > > > On 07/27/2018 08:35 AM, Michael Wojcik wrote: > > > > (I'm only commenting on TLBleed here because I'm not sure what you > > mean by "non-constant-time attack". TLBleed isn't a timing side channel,

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

On 07/27/2018 08:35 AM, Michael Wojcik wrote: Our team is trying to get an accurate understanding of whether or not cryptographic libraries are vulnerable to the kind of non-constant-time attack used by exploits such as the one recently documented here: https://www.vusec.net/wp-content/uploads/

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael R. Hines via openssl-users > Sent: Thursday, July 26, 2018 14:49 > > Our team is trying to get an accurate understanding of whether or not > cryptographic libraries are vulnerable to the kind of non-constant-tim

[openssl-users] request for TLBleed information / non-constant-time vulnerabilities

Good afternoon, Our team is trying to get an accurate understanding of whether or not cryptographic libraries are vulnerable to the kind of non-constant-time attack used by exploits such as the one recently documented here: https://www.vusec.net/wp-content/uploads/2018/07/tlbleed-author-prepri

[openssl-users] Independent review of the Defence Trade Controls Act 2012 (Cth), call for information for submission as a case study from the openssl community.

ly or by post, electronic lodgement is preferred. Submissions will be published on this website as they are received. Comments on submissions can be made to Dr Thom by email to dtcact.rev...@defence.gov.au All information (including name and address details) contained in submissions will b

Re: [openssl-users] Windows shared libraries version information needs some fixes

After your forth commit, seems all is working fine. Exe and dlls with, and correct, version information now. Thanks. On 21/03/2018 02:08, Salz, Rich via openssl-users wrote: Please look athttps://github.com/openssl/openssl/pull/5704 and see if it fixes the issues. -- openssl-users mailing

Re: [openssl-users] Windows shared libraries version information needs some fixes

On 21/03/18 09:36, Matt Caswell wrote: > > > On 21/03/18 00:45, RTT wrote: >> Hello, >> >> Building the shared libraries (version 1.1.1 pre 3) for Windows with >> Visual Studio, targets VC-WIN32 or VC-WIN64A, result in DLLs with >> version inform

Re: [openssl-users] Windows shared libraries version information needs some fixes

On 21/03/18 00:45, RTT wrote: > Hello, > > Building the shared libraries (version 1.1.1 pre 3) for Windows with > Visual Studio, targets VC-WIN32 or VC-WIN64A, result in DLLs with > version information with outdated copyright date, i.e. "Copyright > 1998-2016 The Open

Re: [openssl-users] Windows shared libraries version information needs some fixes

DLLs with version information with outdated copyright date, i.e. "Copyright 1998-2016 The OpenSSL Authors. All rights reserved", and the file description as "OpenSSL application" instead of "OpenSSL shared library". The version information re

[openssl-users] Windows shared libraries version information needs some fixes

Hello, Building the shared libraries (version 1.1.1 pre 3) for Windows with Visual Studio, targets VC-WIN32 or VC-WIN64A, result in DLLs with version information with outdated copyright date, i.e. "Copyright 1998-2016 The OpenSSL Authors. All rights reserved", and the file desc

Re: [openssl-users] Information to detach a BIO from fd

Hi All, We resolved the issue by using SSL_peek which does not clear the bio after read and we could also get the peer information after calling this API. This helped us differentiate the peer connections. Thanks for the multiple suggestions provided. Thanks, Grace On Tue, Jan 16, 2018 at 12:34

Re: [openssl-users] Information to detach a BIO from fd

Hi Michael, The connections are from different peers and we are unable to use same SSL. Also getpeername on the UDP does not work as we have enabled SSL for the sender peer socket. Any suggestions to resolve this? When we have 2 SSL associated to a fd through BIO, on which BIO does the openssl do

Re: [openssl-users] Fwd: Information to detach a BIO from fd

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael Richardson > Sent: Saturday, January 13, 2018 16:34 > > > On 12-Jan-2018, at 6:45 PM, Michael Wojcik > > wrote: > >> Don't create the BIO immediately. Use getpeername on the socket > >> descript

Re: [openssl-users] Information to detach a BIO from fd

Grace Priscilla Jero wrote: > Below is our scenario on DTLS. > We have multiple connections to the same server. We have mapped one fd > to the ssl in the server to receive all connections. Are these connections from the same client (same 5-tuple), or are you just talking about multi

Re: [openssl-users] Fwd: Information to detach a BIO from fd

Priscilla Hero wrote: > Hi Michael, Without doing ssl_accept on the ssl will getpeername work? ssl_accept() processes the packets on the socket. getpeername() on a (Unix) socket will always work. However, getpeername() on a UDP socket won't produce anything unless the socket was connect(2)'

Re: [openssl-users] Fwd: Information to detach a BIO from fd

J Decker wrote: > I'm not 100% sure what you're doing I'd imagine that if SSL was > managing the fd's you wouldn't have this issue. You hvae to call > accept() to get a new FD... and you'll only get that once, so when you > accept() you should attach the bio and call ssl_accept()

Re: [openssl-users] Fwd: Information to detach a BIO from fd

n Fri, Jan 12, 2018 at 5:52 PM, Priscilla Hero wrote: > > > Hi Michael, > Without doing ssl_accept on the ssl will getpeername work? Also using the > existing ssl with ssl_accept for the first connection we don’t get the > information of second peer. Thus we ended up creating n

Re: [openssl-users] Fwd: Information to detach a BIO from fd

Hi Michael, Without doing ssl_accept on the ssl will getpeername work? Also using the existing ssl with ssl_accept for the first connection we don’t get the information of second peer. Thus we ended up creating new bio/ssl each time we get a request. Any suggestions? Thanks, Grace On 12

Re: [openssl-users] Fwd: Information to detach a BIO from fd

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Grace Priscilla Jero > Sent: Friday, January 12, 2018 07:04 > Whenever a connect is initiated from any client we need to know if it is > already connected client or a new client. > We are doing this by  > • creatin

[openssl-users] Fwd: Information to detach a BIO from fd

Hi All, Below is our scenario on DTLS. We have multiple connections to the same server. We have mapped one fd to the ssl in the server to receive all connections. Whenever a connect is initiated from any client we need to know if it is already connected client or a new client. We are doing this

Re: [openssl-users] Information to detach a BIO from fd

Grace Priscilla Jero Sent: Friday, January 12, 2018 8:49 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Information to detach a BIO from fd Hi Michael, Below is our scenario on DTLS. We have multiple connections to the same server. We have mapped one fd to the ssl in the server to

Re: [openssl-users] Information to detach a BIO from fd

Hi Michael, Below is our scenario on DTLS. We have multiple connections to the same server. We have mapped one fd to the ssl in the server to receive all connections. Whenever a connect is initiated from any client we need to know if it is already connected client or a new client. We are doing t

Re: [openssl-users] Information to detach a BIO from fd

Grace Priscilla Jero wrote: > We are having a scenario wherein we are having 2 BIOs for DTLS > attached to the same fd. Each BIO has a different SSL associated with > it. The messages are getting written to different BIO each time and we > are trying to resolve it. > Is there

[openssl-users] Information to detach a BIO from fd

Hi All, We are having a scenario wherein we are having 2 BIOs for DTLS attached to the same fd. Each BIO has a different SSL associated with it. The messages are getting written to different BIO each time and we are trying to resolve it. Is there a API or any way to detach one of the BIO/SSL from

Re: [openssl-users] Extracting Handshake Information

On Tue, Mar 14, 2017, Vijayakumar Kaliaperumal wrote: > Hello, > > Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake > information, like in clienthello, the protocol version, ciphersuites > offered, Random, session id etc. > You can get some usefu

Re: [openssl-users] Extracting Handshake Information

> Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake > information, like in clienthello,  the protocol version, ciphersuites > offered, Random,  session id etc. Look at the code in apps/s_client and apps/s_server and see what it prints in various de

[openssl-users] Extracting Handshake Information

Hello, Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake information, like in clienthello, the protocol version, ciphersuites offered, Random, session id etc. Regards, Vijay -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl

Re: [openssl-users] [openssl] no version information available warning

On 18/07/16 14:56, Grzegorz Krajewski wrote: > Helo there! > > After installing from source openssl-1.0.1t which I downloaded > from openssl.org <http://openssl.org/>, I'm getting "runtime error": > * /lib64/libcrypto.so.10: no version information a

[openssl-users] [openssl] no version information available warning

Helo there! After installing from source openssl-1.0.1t which I downloaded from openssl.org, I'm getting "runtime error": * /lib64/libcrypto.so.10: no version information available (required by executedTool)* Before installation I had openssl-1.0.1e Flow how I build it:

[openssl-users] Need Information on validation for OpenSSL FIPS

Hi Team, I read through the content on "OpenSSL" page regarding the 'hostage', 'ransom' and 'aftermath' details. As I understand it, the currently active 'SE version' or #2398 (2.0.12) has been validated/certified only on 23 new platforms (as per its 'Security Policy' pdf on NIST site) and the

[openssl-users] Debug information in pdb file

Hi all, Is there an 'official' way (or at least some recommended modification to the build scripts) to generate pdb files with the same name of the libraries? This question has been asked in the past. I wonder if there is really no straightforward solution, or am I missing something? I'm using O

Re: [openssl-users] Need more information on CVE-2016-2842

Thanks for the information Matt. Regards Sandeep From: Matt Caswell To: openssl-users@openssl.org Date: 04/12/2016 12:44 AM Subject:Re: [openssl-users] Need more information on CVE-2016-2842 Sent by:"openssl-users" On 11/04/16 19:12, Sandeep Umesh wrot

Re: [openssl-users] Need more information on CVE-2016-2842

On 11/04/16 19:12, Sandeep Umesh wrote: > Hello > > Can someone please provide more information on CVE-2016-2842? Is this > different from CVE-2016-0799 ? Looks like this CVE information is not > captured in the advisory - > _http://openssl.org/news/secadv/20160301.txt_ &g

[openssl-users] Need more information on CVE-2016-2842

Hello Can someone please provide more information on CVE-2016-2842? Is this different from CVE-2016-0799 ? Looks like this CVE information is not captured in the advisory - http://openssl.org/news/secadv/20160301.txt Also, does this below patch fixes both CVE-2016-2842 and CVE-2016-0799

[openssl-users] Need some information about TLS with AES-GCM

Hello, I'm running server and client and they communicate using DTLS over UDP and cipher suite in use is AES-GCM-SHA384. What i want to do here is to decrypt the packets which are sent by the client but i keep failing to do so. To do this i obviously need the clients write key, nonce, the actual

Re: [openssl-users] Need information on AES encryption and decryption Key and IV type

oun...@openssl.org] De la part de Sugumar Envoyé : vendredi 26 février 2016 17:30 À : openssl-users@openssl.org Objet : [openssl-users] Need information on AES encryption and decryption Key and IV type Hi,, I am using Openssl for encryption and decryption. I need some information on AES encryption

[openssl-users] Need information on AES encryption and decryption Key and IV type

Hi,, I am using Openssl for encryption and decryption. I need some information on AES encryption and decryption key and iv type. My doubt is when we are using a openssl in command line we need to pass key and iv as hex strings right? and same when we are EVP calls in C/C++ programming what is the

Re: [openssl-users] no version information available error

-users] no version information available error Thanks Jakob for the detailed info. On Thu, Feb 11, 2016 at 7:50 AM, Jakob Bohm mailto:jb-open...@wisemo.com>> wrote: On 10/02/2016 22:46, cloud force wrote: Hi Everyone, I installed the FIPS capable openssl library (which was built by myself)

Re: [openssl-users] no version information available error

;> For some reason, I keep running into the following errors whenever I run >> ssh related command: >> >> >> ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version >> information available (required by ssh) >> >> >> The same error happen

Re: [openssl-users] no version information available error

.1.0.0: no version information available (required by ssh) The same error happens when I ran openssl command such as the following: linux-fips@ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information available (required by

[openssl-users] no version information available error

Hi Everyone, I installed the FIPS capable openssl library (which was built by myself) on my Ubuntu linux box. For some reason, I keep running into the following errors whenever I run ssh related command: ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information available (required

Re: [openssl-users] Certificate template information

Hi Jakob, Thanks for the feedback, what you say makes sense, so I'll try and avoid the non-standard Microsoft thing. Apologies for the top - posting, I get so used to pressing reply. Kinds regards, Andy ___ openssl-users mailing list To unsubscrib

Re: [openssl-users] Certificate template information

enssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: 28 April 2015 04:17 To: openssl-users@openssl.org Subject: Re: [openssl-users] Certificate template information On 28/04/2015 02:59, Salz, Rich wrote: I have need to identify a Microsoft generated certificate's template name, I

Re: [openssl-users] Certificate template information

so far. Thanks again. Andy -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: 28 April 2015 04:17 To: openssl-users@openssl.org Subject: Re: [openssl-users] Certificate template information On 28/04/2015 02:59, Salz, Rich wrote: &g

Re: [openssl-users] Certificate template information

On 28/04/2015 02:59, Salz, Rich wrote: I have need to identify a Microsoft generated certificate's template name, I believe as part of oid 1.3.6.1.4.1.311.21.7 Where, in a cert OtherName field? It is an extension. Microsoft certificate server (their bundled CA software) puts the name of the "

Re: [openssl-users] Certificate template information

> I have need to identify a Microsoft generated certificate's template name, I > believe as part of oid 1.3.6.1.4.1.311.21.7 Where, in a cert OtherName field? ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openss

[openssl-users] Certificate template information

Hi All, First time post, be gentle :-) I know this has come up before, but not recently, and there aren't any answers that seem conclusive. I have need to identify a Microsoft generated certificate's template name, I believe as part of oid 1.3.6.1.4.1.311.21.7 Can anybody shed any light on how to

Re: Get information about current SSL connection

On Tue, Aug 26, 2014 at 03:54:26PM +0200, Marco Bambini wrote: > Once a client is connected to a server through SSL_accept, is there a way to > get more information about the connection? > I am looking for SSL version (sslv3 or TSLv1.1 or more) and which cypher is > used. SSL

Get information about current SSL connection

Once a client is connected to a server through SSL_accept, is there a way to get more information about the connection? I am looking for SSL version (sslv3 or TSLv1.1 or more) and which cypher is used. Any help would be really appreciated. Thanks. -- Marco Bambini http://www.sqlabs.com http

Conflicting information regarding non-blocking sockets

I have is this: If I call SSL_read() and openSSL tells me that it NEEDS_WRITE or NEEDS_READ, do I need to then hold off calls to SSL_write until I have called SSL_read again and it is succeeds? And then same question but with SSL_write. I am asking because I have seen conflicting information

Information Regarding Commercially available OCSP Responder.

? What is the actual behavior of OCSP Responder? -- View this message in context: http://openssl.6102.n7.nabble.com/Information-Regarding-Commercially-available-OCSP-Responder-tp46486.html Sent from the OpenSSL - User mailing list archive at Nabble.com

RE: Generate CSR, based on information in a file.

Subject: Generate CSR, based on information in a file. Good day I would like to ask. The information that is needed for when you generate a CSR, can that be stored and read by openssl to generate the CSR. Reason Im asking is. I have to generate quite a few CSR,s, that idea is like a batch / for loop

Re: Generate CSR, based on information in a file.

On Thu, May 10, 2012, Brent Clark wrote: > Good day > > I would like to ask. > > The information that is needed for when you generate a CSR, can that be > stored and read by openssl to generate the CSR. > > Reason Im asking is. I have to generate quite a few CSR,s

Generate CSR, based on information in a file.

Good day I would like to ask. The information that is needed for when you generate a CSR, can that be stored and read by openssl to generate the CSR. Reason Im asking is. I have to generate quite a few CSR,s, that idea is like a batch / for loop to read the CSR information file, and I output

Re: Information regarding export type of cipher suites.

On 5/9/2012 9:46 AM, nilesh wrote: Hi, In the SSL3.0 man page it is mentioned that the export type of cipher suites are no longer supported. US government has lifted the export restrictions. Could someone please clarify what exactly is meant by export restrictions? And are these cipher suite

Information regarding export type of cipher suites.

Hi, In the SSL3.0 man page it is mentioned that the export type of cipher suites are no longer supported. US government has lifted the export restrictions. Could someone please clarify what exactly is meant by export restrictions? And are these cipher suites no longer commonly used? -- Than

RE: Exchange information without SSL

> From: owner-openssl-us...@openssl.org On Behalf Of Alex Chen > Sent: Thursday, 03 May, 2012 13:47 > Thanks for the reply Erwin. Let me clarify the goal: the client > wants to send an encrypted message to the server for security reason > and the connection ... can be SSL [but

Re: Exchange information without SSL

IPSec to protect the message. > > Erwin > > On Wed, May 2, 2012 at 4:46 PM, Alex Chen wrote: > I want to send encrypted information from a client to the server via non-SSL > connections without using hardcode encryption key, i.e. a typical scenario. > Both client a

Re: Exchange information without SSL

Chen wrote: > I want to send encrypted information from a client to the server via > non-SSL connections without using hardcode encryption key, i.e. a typical > scenario. Both client and server have their private key and certificate. > (RAS key, PEM format) > I am thinking of

Exchange information without SSL

I want to send encrypted information from a client to the server via non-SSL connections without using hardcode encryption key, i.e. a typical scenario. Both client and server have their private key and certificate. (RAS key, PEM format) I am thinking of two options to exchange the encryption

Re: Need information about FIPS 2.0 and OpenSSL 1.0.1

latforms that will be >> tested? > > The current list can be found at > http://opensslfoundation.com/testing/validation-2.0/platforms/Platforms.pdf. > Mac OS is not currently among them. > > -Steve M. > > -- > Steve Marquess > OpenSSL Software Foundation, Inc. &

Looking for information on creating an openssl engine

Is there any sort of a guide as to what is needed to create an openssl engine? It's not clear to me what interface needs to be provided nor exactly what functionality can be moved to an engine. I have an idea I'd like to experiment with for an approach to parallelising encryption/decryption (usin

Re: Need information about FIPS 2.0 and OpenSSL 1.0.1

> Hi, > > I had a few questions regarding the new OpenSSL FIPS object module. > > 1) What would be the time frame for completing FIPS 2.0 validations? At present we anticipate the formal validation award in Q1 of 2012. The original schedule has slipped from Q4 2011 due to a recent request by our

Need information about FIPS 2.0 and OpenSSL 1.0.1

Hi, I had a few questions regarding the new OpenSSL FIPS object module. 1) What would be the time frame for completing FIPS 2.0 validations? Also, around what time frame do you think will FIPS capable openssl 1.0.1 distribution be available for public use? 2) Are the latest snapshot distributions

Re: Retrieve basic information from an existing certificate already in place

I'm kidding :), but they don't have URLs of their own. Now, a URL may have an associated Certificate (HTTPS, LDAPS, SMTP with STARTTLS, etc.) - if you want to connect to such services, you can use the openssl s_client program with the appropriate switches, and those will give you infor

Retrieve basic information from an existing certificate already in place

Hello, I'm looking into the openSSL command/syntax to be used in order to retrieve information on a certificate via it's URL. Anyone have a good example to accomplish this? All that needs to happen is to Display information on a cert (via Windows command line, but that should

Re: Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW.

On Fri, Apr 16, 2010, Bhat, Jayalakshmi Manjunath wrote: > Hi Sandeep and Adam Langley, > > Thank you very much. But I did not find where the aliases LOW,MEDIUM and > HIGH are defined. I wanted to know where they are defined in OpenSSL? > Don't send this to openssl-dev it is a users question.

Re: Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW.

,MEDIUM and HIGH as aliases. > Please can someone provide me more information on this? For example: % openssl ciphers -v '-ALL:HIGH' should give you a list of the HIGH ciphers. AGL -- Adam Langley a...@imperialviolet.o

RE: Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW.

kiran p Sent: Thursday, April 15, 2010 7:21 PM To: openssl-...@openssl.org Cc: openssl-users@openssl.org Subject: Re: Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW. Run the following command to know which ciphers get selected. # openssl ciphers 'ALL:!SSLv2:!EXPORT

Re: Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW.

gt; I wanted to know when we use "ALL:!SSLv2:!EXPORT:!LOW:!MEDIUM:!DH" to > select > the ciphers how do OpenSSL understands what are ciphers are available under > LOW and MEDIUM. Ssleay.txt documents names LOW,MEDIUM and HIGH as aliases. > Please can someone provide me

Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW.

Hi All, I wanted to know when we use "ALL:!SSLv2:!EXPORT:!LOW:!MEDIUM:!DH" to select the ciphers how do OpenSSL understands what are ciphers are available under LOW and MEDIUM. Ssleay.txt documents names LOW,MEDIUM and HIGH as aliases. Please can someone provide me more informati

Re: getting FIPS information

On Tue, Mar 23, 2010, Adam Grossman wrote: > hello. > > After FIPS_set_mode() passes, and i am in FIPS mode, is there anyway to > retrieve a version strings, such as "FIPS 1.2" or anything like that so > i can verify that the correct FIPS module is being used? > Not directly but the 1.2 module

getting FIPS information

hello. After FIPS_set_mode() passes, and i am in FIPS mode, is there anyway to retrieve a version strings, such as "FIPS 1.2" or anything like that so i can verify that the correct FIPS module is being used? thank you, -=- adam grossman __

Re: Information regarding data and control channel security

salini g wrote: > Is OpenSSL secures both data and control channel. Could yo please let > me know where I can find some reference documents for this. > OpenSSL is a library implementing various cryptographic primitives, and some protocols (i.e.: TLS, CMS and S/MIME). For TLS, please see RFC5246. F

Information regarding data and control channel security

Is OpenSSL secures both data and control channel. Could yo please let me know where I can find some reference documents for this. Any help would be appreciated. Thanks, Salini __ OpenSSL Project ht

Re: problem connecting to ssl server MORE INFORMATION, EVEN MORE

06: > > What does that mean from a configuration point of view? I have the default > openssl package installed and also the cacert.org.pem-file in the correct > place. > > On Thu, May 14, 2009 at 01:58:13PM +0200, Folkert van Heusden wrote: >> ssldump gives me the following i

Re: problem connecting to ssl server MORE INFORMATION, EVEN MORE

. On Thu, May 14, 2009 at 01:58:13PM +0200, Folkert van Heusden wrote: > ssldump gives me the following information: > > belle:/home/folkert# ssldump -a -A -H -k Personal/src/https2http/key.pem -i lo > New TCP connection #1: localhost(33455) <-> localhost(996) > 1 1 0.000

Re: problem connecting to ssl server MORE INFORMATION

ssldump gives me the following information: belle:/home/folkert# ssldump -a -A -H -k Personal/src/https2http/key.pem -i lo New TCP connection #1: localhost(33455) <-> localhost(996) 1 1 0.0001 (0.0001) C>S SSLv2 compatible client hello Version 3.1 cipher suites Unknown v

{Urgent}Different Elements inserted to x509 and some information required on patching fixes!

Hi All! We are running into an important and critical customer issue where we see some entry in the X509 stack entry when being freed is found to have a value of 0x / -1 and as a result of the same there is a crash. Found few other issues where different element is there in X509 stack

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

> On Thu, 16 Apr 2009 22:44:36 +0200, Michael Tüxen > said: MT> Steven has applied all patches Robin provided for DTLS. So MT> they should be included in the next releases of OpenSSL. That's certainly good news! -- "In the bathtub of history the truth is harder to hold than the soap,

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

, 4/13/09, Wes Hardaker wrote: From: Wes Hardaker Subject: Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff. To: openssl-users@openssl.org Date: Monday, April 13, 2009, 5:06 PM On Sat, 11 Apr 2009 22:49:46 -0700 (PDT), Miguel Ghobangieno said: MG> They're all multi-trea

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

on't they investigate and perhaps apply the patches? --- On Mon, 4/13/09, Wes Hardaker wrote: > From: Wes Hardaker > Subject: Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff. > To: openssl-users@openssl.org > Date: Monday, April 13, 2009, 5:06 PM > >>>

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

> On Sat, 11 Apr 2009 22:49:46 -0700 (PDT), Miguel Ghobangieno > said: MG> They're all multi-treaded. How to do it in a single threaded app MG> with multiple users? Here's another documented example of a working hack: http://www.net-snmp.org/wiki/index.php/DTLS_Implementation_Notes

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

They're all multi-treaded. How to do it in a single threaded app with multiple users? --- On Sat, 4/11/09, Michael Tüxen wrote: > From: Michael Tüxen > Subject: Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff. > To: openssl-users@openssl.org > Date: Saturday,

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

You might want to take a look at the examples at http://sctp.fh-muenster.de/dtls-samples.html Best regards Michael On Apr 11, 2009, at 10:03 PM, Miguel Ghobangieno wrote: Any information on this? --- On Thu, 4/9/09, Miguel Ghobangieno wrote: From: Miguel Ghobangieno Subject: (DTLS

Re: (DTLS) Nexuiz needs information on the open-ssl UDP stuff.

Any information on this? --- On Thu, 4/9/09, Miguel Ghobangieno wrote: > From: Miguel Ghobangieno > Subject: (DTLS) Nexuiz needs information on the open-ssl UDP stuff. > To: openssl-users@openssl.org > Date: Thursday, April 9, 2009, 4:09 PM > > Hi, Im a Nexuiz pla

(DTLS) Nexuiz needs information on the open-ssl UDP stuff.

Hi, Im a Nexuiz player (fully GPL FPS ( nexuiz.com ) and allowing fully-encrypted communications between the nexuiz client and the server has been discussed and is planned. However the UDP spec for open-ssl is not known. The architecture of the server (darkplaces) is a single threaded udp appl

RE: Get information about PEM file

except some as x->cert_info->version->data or x->cert_info->serialNumber->data. Both fields are unsigned char *. From: borrash...@hotmail.com To: openssl-users@openssl.org Subject: Get information about PEM file Date: Sun, 1 Mar 2009 17:44:08 +0100 Hello, I'm making a c

Get information about PEM file

ields (X509 * x; x->cert_info->version->data, x->cert_info->version->serialNumber) contain garbage and this information is required by the client when establish connection through sockets. My code: BIO *in = BIO_new(BIO_s_file()); BIO_read_filename(in, (void*) &qu

OpenSSL API to get the value of Authority Information Access field

Hi all, Is there any OpenSSL API which will give me the value of Authority Information Access in extensions ? If not , then how to get this value from a X509 structure Thanks in advance, Aravind.

  1   2   3   >