Thanks Viktor. I did get some fixes (via this list) from Steve a while
back because SRP authenication was completely broken out of the box with
1.0.1i. However I don't know if all the changes in the commit you
mentioned have been merged. I will investigate further.
Norm
On 9/8/14 17:30, Viktor Dukhovni wrote:
On Mon, Sep 08, 2014 at 03:10:47PM -0700, Norm Green wrote:
I will try to capture traffic in the next run.
Looking at the commit history after 1.0.1i, I think
you want:
commit 30fbe92c78981a417718bcbf25d295d16c5b7ed9
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Aug 8 11:24:25 2014 +0100
Fix SRP authentication ciphersuites.
The addition of SRP authentication needs to be checked in various places
to work properly. Specifically:
A certificate is not sent.
A certificate request must not be sent.
Server key exchange message must not contain a signature.
If appropriate SRP authentication ciphersuites should be chosen.
Reviewed-by: Matt Caswell <m...@openssl.org>
(cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
