Re: SSL Server setup DH/ECDH

2019-08-07 Thread Matt Caswell
On 07/08/2019 12:19, Chitrang Srivastava wrote:
> Hi Matt,
>
> I tried the following code but it is crashing @ *SSL_CTX_set_ciphersuites*
> s_ctx = SSL_CTX_new(TLS_method());
> SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
> SSL_OP_CIPHER_SERVER_PREFERENCE);
> SSL_CTX_set_min_proto_version(

Re: SSL Server setup DH/ECDH

2019-08-07 Thread Chitrang Srivastava
Hi Matt,

I tried the following code but it is crashing @ *SSL_CTX_set_ciphersuites*

s_ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Matt Caswell
On 06/08/2019 11:21, Chitrang Srivastava wrote:
> Yes, since in my case mostly browser will be used to access webserver running
> on embedded platform.
> Another question, since my webserver is running on embedded platform and it
> has limited memory, I have disabled
> ARIA/CAMELLIA and fe

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava
Yes, since in my case mostly browser will be used to access webserver running on embedded platform.

Another question, since my webserver is running on embedded platform and it has limited memory, I have disabled ARIA/CAMELLIA and few others, is that OK? because I don't see any cipher suites wh

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Matt Caswell
On 06/08/2019 11:07, Chitrang Srivastava wrote:
> Thanks Matt,
>
> So now I have, which I believe is enough?
>
> SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
> SSL_OP_CIPHER_SERVER_PREFERENCE);
> SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);

This is fine although it obviousl

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava
Thanks Matt,

So now I have, which I believe is enough?

SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);

On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell wrote:
>
>
> On 06/08/2019 09:42, Chitrang Srivastav

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Matt Caswell
On 06/08/2019 09:42, Chitrang Srivastava wrote:
> Hi,
>
> I am implementing HTTPS server using OpenSSL 1.1.1b.
> Is it mandatory to set up these APIs while creating ssl context?
>
> SSL_CTX_set_tmp_ecdh
>
> SSL_CTX_set_tmp_dh

By default OpenSSL will automatically use ECDH if appropriate and

SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava
Hi,

I am implementing HTTPS server using OpenSSL 1.1.1b.
Is it mandatory to set up these APIs while creating ssl context?

SSL_CTX_set_tmp_ecdh
SSL_CTX_set_tmp_dh

Also any suggestion what all options one should set while setting up server like SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO