On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote:
> I think you missed the renogiate case. Anyway, I posted almost the
> same diff some time ago.
You're right -- renegotiate case was missed. Your patch from April looks
fine to me. It would be beneficial to have it committed.
Thanks
On Tue, Apr 23, 2013 at 09:08:19AM +0200, Otto Moerbeek wrote:
> If there is any interest, I might add the manual stuff, get ok's and
> commit it.
I find it useful to have SSLHonorCipherOrder in OpenBSD's apache.
On Mon, Jul 08, 2013 at 05:30:22AM +0200, J??r??mie Courr??ges-Anglas wrote:
> Otto Moerbeek had already done work about this, but no one commented on
> the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2
I am sorry I've missed his earlier email.
> > This diff is adapted from
As you may or may not know, SSLHonorCipherOrder is supported since
apache 2.1.
This diff ports this feature to OpenBSD's httpd. Its effects can be
tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by
playing with SSLHonorCipherOrder/SSLCipherSuite directives.
SSLHonorCipherOrder
On Mon, May 20, 2013 at 08:24:06PM +0100, Stuart Henderson wrote:
> If you make it a couple of paragraphs past the table, there is this
> paragraph, which is rather clear:
>
> Using AES-GMAC or NULL with ESP will only provide authentication. This
> is useful in setups where AH can not b
On Sat, May 18, 2013 at 04:30:43AM +0200, Reyk Floeter wrote:
> You're mixing up GCM and GMAC. You have to update your config to use
> aes-256-gcm instead of aes-256-gmac! The GMAC is actually only the
> authentication part and it is not encrypting the payload. You can
> see it as "childsa enc n
Before I proceed, I realize that iked is not yet finished and is missing
some important security features. I am just pointing out something that
may not be known, and perhaps should be addressed.
I have a very simple instance of 2 qemu machines, running same snapshot
of 5.3-current:
OpenBSD openbs
Re-create a seed file on a first boot too -- better than not having any
seed at all.
Index: etc/rc
===
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.400
diff -u etc/rc
--- etc/rc 6 Apr 2012 15:11:30 - 1.400
+++ etc/
On Thu, Dec 08, 2011 at 07:34:16PM +0100, Mike Belopuhov wrote:
> patches for portable openssh should go to the portable openssh mailing lists:
> http://mindrot.org/portable-openssh.html
> (you can't apply them to openbsd source tree)
>
> and you should probably use unified diffs (diff -up).
Here
Hello there,
Is there any good reason why most of .c files need to have externs for
ServerOptions/Options? Any reason not to have them in appropriate header
files?
Index: auth-chall.c
===
RCS file: /cvs/openssh/auth-chall.c,v
retriev
Please review the diff.
Thanks
Index: usr.bin/ssh/authfd.c
===
RCS file: /cvs/src/usr.bin/ssh/authfd.c,v
retrieving revision 1.84
diff -p -u -r1.84 authfd.c
--- usr.bin/ssh/authfd.c31 Aug 2010 11:54:45 - 1.84
+++ usr.
On Sat, Jun 06, 2009 at 10:23:34PM -0600, g...@gwk.ca wrote:
> And it works better if you send the actual diff you would like tested
> sorry about this, but please test this one.
>
seemingly no regressions on thinkpad T61, speedstep is properly
recognized now.
OpenBSD 4.5-current (GENERIC.MP) #4:
12 matches
Mail list logo