Re: Libressl verify failure with 3.9.0

2024-04-09 Thread Ted Wynnychenko
hat. Ted > -Original Message- > > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On > Behalf > > Of Theo Buehler > > Sent: Monday, April 08, 2024 6:45 AM > > To: Ted Wynnychenko > > Cc: 'OpenBSD misc'; b...@openbsd.org; js...@o

Re: Libressl verify failure with 3.9.0

2024-04-08 Thread 'Theo Buehler'
On Mon, Apr 08, 2024 at 05:53:47PM -0500, Ted Wynnychenko wrote: > Thanks for the suggestion. > The workaround does work, and creates (essentially) the same certificate, > but one that does not fail verification with the new libressl. > I did notice the option of not having the leading "20" for dates

Re: Libressl verify failure with 3.9.0

2024-04-08 Thread Bob Beck
> On Apr 8, 2024, at 5:44 AM, Theo Buehler wrote: > > On Sun, Apr 07, 2024 at 04:57:24PM -0500, Ted Wynnychenko wrote: >> Hello, >> >> I recently updated to -current (about a week ago). >> >> I see that Libressl is at 3.9.1 just now, but I hope that won't be an issue >> (I did not see anyth

Re: Libressl verify failure with 3.9.0

2024-04-08 Thread Theo Buehler
On Sun, Apr 07, 2024 at 04:57:24PM -0500, Ted Wynnychenko wrote: > Hello, > > I recently updated to -current (about a week ago). > > I see that Libressl is at 3.9.1 just now, but I hope that won't be an issue > (I did not see anything in the release notes that would impact my question). > --- >

Re: libressl vs openssl

2022-01-28 Thread Martijn van Duren
On Fri, 2022-01-28 at 21:18 +, Stuart Henderson wrote: > On 2022-01-28, Laura Smith wrote: > > ‐‐‐ Original Message ‐‐‐ > > > > On Friday, January 28th, 2022 at 14:43, dansk puffer > > wrote: > > > > > Are there any major security differences between libressl and openssl > > > now

Re: libressl vs openssl

2022-01-28 Thread Brian Brombacher
> On Jan 28, 2022, at 11:53 AM, Laura Smith > wrote: > > ‐‐‐ Original Message ‐‐‐ > >> On Friday, January 28th, 2022 at 14:43, dansk puffer >> wrote: >> >> Are there any major security differences between libressl and openssl >> nowadays? From what I read the situation for opens

Re: libressl vs openssl

2022-01-28 Thread Stuart Henderson
On 2022-01-28, Laura Smith wrote: > ‐‐‐ Original Message ‐‐‐ > > On Friday, January 28th, 2022 at 14:43, dansk puffer > wrote: > >> Are there any major security differences between libressl and openssl >> nowadays? From what I read the situation for openssl improved and some Linux >> d

Re: libressl vs openssl

2022-01-28 Thread Amelia A Lewis
On Fri, 28 Jan 2022 14:43:04 +, dansk puffer wrote: > Are there any major security differences between libressl and openssl > nowadays? From what I read the situation for openssl improved and > some Linux distros switched back to openssl again with mostly? > OpenBSD remaining to use libressl

Re: libressl vs openssl

2022-01-28 Thread Brian Brombacher
> On Jan 28, 2022, at 9:46 AM, dansk puffer wrote: > > Are there any major security differences between libressl and openssl > nowadays? From what I read the situation for openssl improved and some Linux > distros switched back to openssl again with mostly? OpenBSD remaining to use > libre

Re: libressl handling of expired CA certificate

2020-06-01 Thread Allan Streib
Stuart Henderson writes: > The same happens with 6.7 and -current. > > Hopefully this will be improved in libressl, but libressl clients > aren't the only ones who will have problems with this - if you're in > contact with the server admins I would recommend they remove the > expired cert from th

Re: libressl handling of expired CA certificate

2020-06-01 Thread Stuart Henderson
On 2020-06-01, Allan Streib wrote: > Below are two openssl s_client transcripts. First with the original > cert.pem (Verify return code: 10 (certificate has expired)) and second > after I edited cert.pem to remove AddTrust (Verify return code: 0 (ok)). > > So, I thought perhaps the issue described

Re: LibreSSL performance issue

2020-01-07 Thread Joe Greco
On Tue, Jan 07, 2020 at 11:06:38AM -0800, Jordan Geoghegan wrote: > Is there a specific reason you're running i386 instead of amd64? Yes, i386 generates substantially smaller images than amd64. In an environment where you are constrained to the existing available virtualization capacity and are

Re: LibreSSL performance issue

2020-01-07 Thread Jordan Geoghegan
Is there a specific reason you're running i386 instead of amd64? And why are you testing this on FreeBSD? Wrong mailing list On 2020-01-07 08:26, Joe Greco wrote: On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: In reality, when you dig down, often you find that there's another

Re: LibreSSL performance issue

2020-01-07 Thread Joe Greco
On Tue, Jan 07, 2020 at 07:50:37PM +0100, Bodie wrote: > On 7.1.2020 17:26, Joe Greco wrote: > >On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: > >>> In reality, when you dig down, often you find that there's another > >>> reason for the issue. I was recently trying to substitute

Re: LibreSSL performance issue

2020-01-07 Thread Bodie
On 7.1.2020 17:26, Joe Greco wrote: On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: > In reality, when you dig down, often you find that there's another > reason for the issue. I was recently trying to substitute libressl > into an openssl environment. Performance tanked.

Re: LibreSSL vs. OpenSSL enc command

2019-12-04 Thread Christian Weisgerber
Dieter Rauschenberger: > This was several years ago before Libressl was invented. Now I wanted > to decrypt the docs with: > > openssl enc -aes-256-cbc -d < FOO.aes256 > FOO > > This did not work. The password did not work anymore. The default message digest function used for key derivation ch

Re: LibreSSL vs. OpenSSL enc command

2019-12-04 Thread Dieter Rauschenberger
Hi Jeff openssl enc -aes-256-cbc -d -md md5 < FOO.aes256 > FOO did the trick. Thank you very much. -Dieter On Wed, Dec 04, 2019 at 01:12:08PM -0500, Jeffrey Walton wrote: > On Wed, Dec 4, 2019 at 1:05 PM Dieter Rauschenberger > wrote: > > > > i have encrypted several documents with > > > > ope

Re: LibreSSL vs. OpenSSL enc command

2019-12-04 Thread Jeffrey Walton
On Wed, Dec 4, 2019 at 1:05 PM Dieter Rauschenberger wrote: > > i have encrypted several documents with > > openssl enc -aes-256-cbc -e < FOO > FOO.aes256 > > This was several years ago before Libressl was invented. Now I wanted > to decrypt the docs with: > > openssl enc -aes-256-cbc -d < FOO.ae

Re: LibreSSL Linux portability and OpenBSD security

2018-02-10 Thread Joel Sing
On Saturday 10 February 2018 11:09:04 Kevin Chadwick wrote: > On Sat, 10 Feb 2018 16:24:38 +1100 > > > > Just in case some libressl dev doesn't want read the full thread in > > > the Alpine list, they want also a workaround for the lack of time_t > > > for 32bits platforms on Linux. > > > > We've

Re: LibreSSL Linux portability and OpenBSD security

2018-02-10 Thread Kevin Chadwick
On Sat, 10 Feb 2018 16:24:38 +1100 > > Just in case some libressl dev doesn't want to read the full thread in > > the Alpine list, they want also a workaround for the lack of time_t > > for 32bits platforms on Linux. > > We've already addressed this - a notafter that exceeds 2038 is > clamped to

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Joel Sing
On Saturday 10 February 2018 00:05:27 Juan Francisco Cantero Hurtado wrote: [snip] > Just in case some libressl dev doesn't want to read the full thread in the > Alpine list, they want also a workaround for the lack of time_t for > 32bits platforms on Linux. We've already addressed this - a notafter

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Theo de Raadt
> It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1 > APIs for improved security, and LibreSSL does not implement those APIs > at all. The 1.1 API does not improve security. If anything, the new API requires you to repeat the same or similar arguments to many functions, and in

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Stuart Henderson
On 2018-02-09, A. Wilcox wrote: > This is an OpenPGP/MIME signed message (RFC 4880 and 3156) > --DCcmjS5tsvvgDBhgH7OD8mW309G9dT8Dp > From: "A. Wilcox" > To: misc@openbsd.org > Message-ID: > Subject: Re: LibreSSL Linux portability and OpenBSD security > Referen

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Juan Francisco Cantero Hurtado
On Fri, Feb 09, 2018 at 12:58:30PM +, Kevin Chadwick wrote: > I assume you know far more than me and A.Wilcox from the Alpine list > but this was mentioned. They are planning to revert to OpenSSL next > week. > > I don't use Alpine, though it is possibly my preferred Linux, just > thought I wo

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread A. Wilcox
On 02/09/18 11:48, Stuart Henderson wrote: > I don't understand that, Cryptography is OK with LibreSSL. There have > been some problems at various times but they were either patched locally > or fixed upstream - we're a couple of point releases behind the latest > at the moment with no libressl-rel

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Allan Streib
Kevin Chadwick writes: > I wish libressl could keep the 32 bit time_t workaround til linux > kernel had fixed the problem instead of knowingly break things. Now I > don't see we have much of an option since 32 bit linux is basically > not supported by libressl at this point. Contortions in the c

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Kevin Chadwick
Thanks for the information Stu. Unfortunately I am not sure it will help in the end. Their project leader Natanael stated the following. The fact that libressl developers are not willing to workaround 32 bit linux time_t is the deal br

Re: LibreSSL Linux portability and OpenBSD security

2018-02-09 Thread Stuart Henderson
On 2018-02-09, Kevin Chadwick wrote: > It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1 > APIs for improved security, and LibreSSL does not implement those APIs > at all. btw I haven't looked at Qt but some ports are already held back in OpenBSD because it's just getting too

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-07-07 Thread Andy Lemin
Hi Stuart and Joel, Just to confirm for others reading, you are very correct. And patch 014_libcrypto has fixed this :) So just run syspatch (or openup) and you'll be working again. Thanks for the commits ;) PS; good to hear from you again Stuart! Long time.. I'm on this email now rather than

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-07-03 Thread Joel Sing
On Tuesday 20 June 2017 23:26:10 Andrew Lemin wrote: > Hi, > > Sadly in my testing it seems that CVE-2017-8301 ( > http://seclists.org/oss-sec/2017/q2/145) is still broken with the > latest LibreSSL > (2.5.4) and OpenVPN 2.4.2. > > Here is someone else reporting the same issue; > https://discours

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-22 Thread Stuart Henderson
On 2017-06-22, Stuart Henderson wrote: > On 2017-06-20, Andrew Lemin wrote: >> Has anyone else come across any issues recently with Openvpn, Libressl and >> TLS on OpenBSD 6.1? > > Yes there have been problems reported like this: (This is from the > "Investigating self-signed cert behavior change

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-22 Thread Stuart Henderson
On 2017-06-20, Andrew Lemin wrote: > Has anyone else come across any issues recently with Openvpn, Libressl and > TLS on OpenBSD 6.1? Yes there have been problems reported like this: (This is from the "Investigating self-signed cert behavior change" posts on the libressl mailing list). Mon May

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andrew Lemin
Hi, Sadly in my testing it seems that CVE-2017-8301 ( http://seclists.org/oss-sec/2017/q2/145) is still broken with the latest LibreSSL (2.5.4) and OpenVPN 2.4.2. Here is someone else reporting the same issue; https://discourse.trueos.org/t/libre-openssl-tls-error-when-using-openvpn/1358/4 Of co

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andy Lemin
I've just found this hint on GitHub for the Openvpn compile options for Libressl; https://gist.github.com/gsora/2b3e9eb31c15a356c7662b0f960e2995 So will try a build later tonight and share back here if that CVE is fixed. Would prefer to rebuild with the same options as the packaged binary, and i

Re: LibreSSL on old OpenBSD

2016-08-13 Thread Eric Furman
On Sat, Aug 13, 2016, at 01:36 PM, Roderick wrote: > On Sat, 13 Aug 2016, Theo de Raadt wrote: > > > We prefer creating a world that is simpler. That is the practice > > we follow with our bodies of code. > > > > You prefer backwards compat. Fine, that is your choice. You can > > apply that prin

Re: LibreSSL on old OpenBSD

2016-08-13 Thread Mihai Popescu
> But programming > is always ponderation, in many dimensions. You must decide for example > between (run) time or space (memory), between security, performance > or simplicity. Sure, with absolute goals there is no much to decide and no > much discussion, and we are finished. > Rodrigo. Total bu

Re: LibreSSL on old OpenBSD

2016-08-13 Thread Roderick
On Sat, 13 Aug 2016, Theo de Raadt wrote: We prefer creating a world that is simpler. That is the practice we follow with our bodies of code. You prefer backwards compat. Fine, that is your choice. You can apply that principle in your own code. Are we finished here? It is not so simple. Of

Re: LibreSSL on old OpenBSD

2016-08-13 Thread Theo de Raadt
> And if the whole is a technical progress, is a more complicated > thing. I prefer to take a constant from sys/params.h at > compile time than getting it with a call of sysconf() at run time. > The older standards arose perhaps from considerations that > today are forgotten or play no role anymor

Re: LibreSSL on old OpenBSD

2016-08-13 Thread Roderick
I thank you, you got what I wanted to know. I also thank Peter Hansteen, Stuart Henderson, Ted Unangst and Alex Bochmann for their polite and serious answers. Also Theo for his polite recommendation for my happiness: I will think about it. On Fri, 12 Aug 2016, Philip Guenther wrote: Yes, the pr

Re: LibreSSL on old OpenBSD

2016-08-13 Thread Martin Schröder
2016-08-12 23:28 GMT+02:00 Philip Guenther : > Yes, the previous situation with and > was confusing (code was including the wrong header and not getting the Thanks. Finally an answer after days of shouting. Best Martin

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Philip Guenther
On Fri, Aug 12, 2016 at 1:53 AM, Roderick wrote: ... > What did change here from OpenBSD 4.8 to the current versions? Is it an > esential change? Yes, the previous situation with and was confusing (code was including the wrong header and not getting the optimized version that was expected) and

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Alexander Bochmann
...on Fri, Aug 12, 2016 at 08:53:36AM +, Roderick wrote: > I know, you will complain, because I mention here that I still use > OpenBSD 4.8 in a machine. But my question is more general. > I was unable to install LibreSSL-2.4.2, but installing openssl-1.0.2h > was possible without problems

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Eric Furman
On Fri, Aug 12, 2016, at 10:42 AM, Ted Unangst wrote: > Roderick wrote: > > BSD is one of the oldest OS with IP support, and still now / few years > > ago was not clear from where to take MAXHOSTNAMELEN? > > > > OK, sysconf(_SC_HOST_NAME_MAX) may have a theoretical advantage > > when compiling one

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Theo de Raadt
Please just leave the list then, you will be happier. > On Fri, 12 Aug 2016, Jeremie Courreges-Anglas wrote: > > > I hope you can see what is wrong with that attitude. > > Perhaps you are very good understanding technical things. But: > > (1) I never wanted confrontation, I just asked something

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Ted Unangst
Roderick wrote: > BSD is one of the oldest OS with IP support, and still now / few years > ago was not clear from where to take MAXHOSTNAMELEN? > > OK, sysconf(_SC_HOST_NAME_MAX) may have a theoretical advantage > when compiling one program for different systems. Is it a standard? > Why was it not

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Roderick
On Fri, 12 Aug 2016, Jeremie Courreges-Anglas wrote: I hope you can see what is wrong with that attitude. Perhaps you are very good understanding technical things. But: (1) I never wanted confrontation, I just asked something. And even if my question was "stupid", there is no reason for u

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Jeremie Courreges-Anglas
Roderick writes: > On Fri, 12 Aug 2016, Stuart Henderson wrote: > >> OpenBSD is developed as a whole; kernel, system source, ports. Changes made >> in one place often require changes to the other parts; if you're not tracking >> development that is a whole lot of work you're going to need to repl

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Roderick
On Fri, 12 Aug 2016, Stuart Henderson wrote: OpenBSD is developed as a whole; kernel, system source, ports. Changes made in one place often require changes to the other parts; if you're not tracking development that is a whole lot of work you're going to need to replicate. But the question abo

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Stuart Henderson
On 2016-08-12, Peter N. M. Hansteen wrote: > On Fri, Aug 12, 2016 at 08:53:36AM +, Roderick wrote: >> I know, you will complain, because I mention here that I still use >> OpenBSD 4.8 in a machine. But my question is more general. >> >> I was unable to install LibreSSL-2.4.2, but installing o

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Peter N. M. Hansteen
On Fri, Aug 12, 2016 at 08:53:36AM +, Roderick wrote: > I know, you will complain, because I mention here that I still use > OpenBSD 4.8 in a machine. But my question is more general. > > I was unable to install LibreSSL-2.4.2, but installing openssl-1.0.2h > was possible without problems. It

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Anthony J. Bentley
Roderick writes: > > Or what, do you think that guenther's commits to our headers are meant > > to make them worse? > > If guenthers commits to your headers made you better or worse, was not > the question. So what was your question? You make a roundabout email about libressl and endian.h and mut

Re: LibreSSL on old OpenBSD

2016-08-12 Thread ludovic coues
2016-08-12 10:53 GMT+02:00 Roderick : > I know, you will complain, because I mention here that I still use > OpenBSD 4.8 in a machine. But my question is more general. > > I was unable to install LibreSSL-2.4.2, but installing openssl-1.0.2h > was possible without problems. > Well done. You just d

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Consus
On 03:20 Fri 12 Aug, Anthony J. Bentley wrote: > Roderick writes: > > I know, you will complain, because I mention here that I still use > > OpenBSD 4.8 in a machine. > > Then why do you ask? Do you think people will happily take time to > help you debug problems on a system that has been *explici

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Roderick
Then why do you ask? If you read, perhaps you get it. Do you think people will happily take time to help you debug problems on a system that has been *explicitly* unsupported for the past five years? If a simple question irritates so much and takes time, then believe me, it is time to take v

Re: LibreSSL on old OpenBSD

2016-08-12 Thread Anthony J. Bentley
Roderick writes: > I know, you will complain, because I mention here that I still use > OpenBSD 4.8 in a machine. Then why do you ask? Do you think people will happily take time to help you debug problems on a system that has been *explicitly* unsupported for the past five years? > In file includ

Re: LibreSSL, openssl.cnf and using ENV to pass values

2016-07-28 Thread Mike
On 7/28/2016 10:57 AM, Theo de Raadt wrote: > > ENV support was removed entirely. > > A few people found convenient ways to use that hack. > > However, the support is baked in -- unavoidable -- and occurs in all > library use-contexts. In some of those contexts, this environment > variable su

Re: LibreSSL, openssl.cnf and using ENV to pass values

2016-07-28 Thread Theo de Raadt
> As I mentioned earlier, OpenSSL has no issues with this, but LibreSSL > picks up an error. The error is probably right in front of my eyes, but > I cannot find it. What am I doing wrong? ENV support was removed entirely. A few people found convenient ways to use that hack. However, the sup

Re: LibreSSL and easy-rsa

2015-07-23 Thread Stuart Henderson
On 2015-07-22, Predrag Punosevac wrote: > Hi Misc, > > I apologize if this was asked earlier. I am using easy-rsa to generate > certificates for my new OpenVPN gateway. Could somebody confirm if > easy-rsa is now using LibreSSL? Quick inspection of It uses the "openssl" command which, on OpenBSD

Re: LibreSSL enable-ec_nistp_64_gcc_128 vs. compiler bugs

2015-06-22 Thread Miod Vallat
> Hi Miod, > > is your statement from > http://article.gmane.org/gmane.os.openbsd.misc/218944 : > > Until someone spends enough time checking the various compiler > > versions around to check which are safe to use, and which are not, > > this code will remain disabled in LibreSSL. > > still valid

Re: LibreSSL enable-ec_nistp_64_gcc_128 vs. compiler bugs

2015-06-22 Thread nusenu
Hi Miod, is your statement from http://article.gmane.org/gmane.os.openbsd.misc/218944 : > Until someone spends enough time checking the various compiler > versions around to check which are safe to use, and which are not, > this code will remain dis

Re: LibreSSL Portable compilation problem on Mac OS X

2015-04-09 Thread Hrishikesh Muruk
On Tue, Apr 7, 2015 at 10:28 PM, Brent Cook wrote: > > > On Apr 7, 2015, at 11:00 AM, Hrishikesh Murukkathampoondi < > hris...@gmail.com> wrote: > > > > Hi > > > > I got LibreSSL portable from > https://github.com/libressl-portable/portable > > > >

Re: LibreSSL Portable compilation problem on Mac OS X

2015-04-07 Thread Brent Cook
> On Apr 7, 2015, at 11:00 AM, Hrishikesh Murukkathampoondi > wrote: > > Hi > > I got LibreSSL portable from https://github.com/libressl-portable/portable > > > I get the following error when trying to compile on Mac OS X Yosemite (ie I > execute

Re: LibreSSL Official T-shirts

2015-01-30 Thread Boudewijn Dijkstra
On Thu, 29 Jan 2015 17:53:10 +0100, OpenBSD Store Misc wrote: Some new awesome LibreSSL T-shirts are available to help fund developments. You can see them on https://www.openbsdstore.com. Why not use Comic Sans? Or: "This T-shirt specifically designed to annoy web hipsters" -- (Remove the

Re: Libressl and python2.7

2014-12-21 Thread Benjamin Baier
My example was just to show you that OpenBSD ships with LibreSSL. Follow any "OpenSSL" tutorial to learn more. .Pkey() ===> .PKey() On 12/21/2014 03:48 PM, Alan Cheng wrote: Thanks Benjamin. Ssl works. But now I got a new eorror: OpenSSL.crypto.Pkey() function not found. Tried help(ssl) but f

Re: Libressl and python2.7

2014-12-21 Thread Alan Cheng
Thanks Benjamin. Ssl works. But now I got a new error: OpenSSL.crypto.Pkey() function not found. Tried help(ssl) but found that module does not provide any crypto related functions. Is there more modules to be imported or anything? Thanks! Alan Benjamin Baier wrote: >try >$ python2.7 >Python 2

Re: Libressl and python2.7

2014-12-21 Thread Benjamin Baier
try $ python2.7 Python 2.7.8 (default, Dec 12 2014, 14:59:33) [GCC 4.2.1 20070719 ] on openbsd5 Type "help", "copyright", "credits" or "license" for more information. >>> import ssl >>> ssl.OPENSSL_VERSION On 12/21/2014 11:11 AM, Alan Cheng wrote: Hi, How can I use libressl with a python2.7 prog

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
On 14/11/14 13:28, Jérémie Courrèges-Anglas wrote: > Renaud Allard writes: > >> On 11/14/2014 10:12 AM, Jonathan Gray wrote: Now openssl ciphers CHACHA20 works as intended # openssl ciphers CHACHA20 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
On 11/14/2014 01:28 PM, Jérémie Courrèges-Anglas wrote: Renaud Allard writes: On 11/14/2014 10:12 AM, Jonathan Gray wrote: Now openssl ciphers CHACHA20 works as intended # openssl ciphers CHACHA20 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 This is alr

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Jérémie Courrèges-Anglas
Renaud Allard writes: > On 11/14/2014 10:12 AM, Jonathan Gray wrote: >>> >>> Now openssl ciphers CHACHA20 works as intended >>> # openssl ciphers CHACHA20 >>> ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 >> >> This is already present in rev 1.68/-current >>

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
On 11/14/2014 10:12 AM, Jonathan Gray wrote: Now openssl ciphers CHACHA20 works as intended # openssl ciphers CHACHA20 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 This is already present in rev 1.68/-current http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/l

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Jonathan Gray
On Fri, Nov 14, 2014 at 10:04:16AM +0100, Renaud Allard wrote: > Hello, > > On 11/14/2014 09:04 AM, Renaud Allard wrote: > >Hello, > > > >I am trying this on 5.6-stable. > >Is there a way to list all POLY1305/CHACHA20 based ciphers which are > >enabled? > > > >For example, if I try with RSA: > >#

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
Hello, On 11/14/2014 09:04 AM, Renaud Allard wrote: Hello, I am trying this on 5.6-stable. Is there a way to list all POLY1305/CHACHA20 based ciphers which are enabled? For example, if I try with RSA: # openssl ciphers RSA AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA

Re: libressl

2014-10-22 Thread Theo de Raadt
> On 10/22/14 21:27, Chris Cappuccio wrote: > > Gregory Edigarov [ediga...@qarea.com] wrote: > >> Hi, > >> > >> Since we are already go with re-engineering of openssl becoming libressl, > >> why not provide some clean and intuitive interface instead of that crap > >> openssl(1) is? For example ress

Re: libressl

2014-10-22 Thread Gregory Edigarov
On 10/22/14 21:27, Chris Cappuccio wrote: Gregory Edigarov [ediga...@qarea.com] wrote: Hi, Since we are already go with re-engineering of openssl becoming libressl, why not provide some clean and intuitive interface instead of that crap openssl(1) is? For example ressl(1) would be the new "high

Re: libressl

2014-10-22 Thread Chris Cappuccio
Gregory Edigarov [ediga...@qarea.com] wrote: > Hi, > > Since we are already go with re-engineering of openssl becoming libressl, > why not provide some clean and intuitive interface instead of that crap > openssl(1) is? For example ressl(1) would be the new "high level" interface > with very few s

Re: libressl

2014-10-22 Thread Martin Schröder
2014-10-22 16:33 GMT+02:00 Gregory Edigarov : > openssl(1) is? For example ressl(1) would be the new "high level" interface > with very few selected frequently used functions, and openssl(1) with low > level interface as it is now http://www.openbsd.org/papers/eurobsdcon2014-libressl.html Best

Re: LibreSSL 2.1.1 released.

2014-10-19 Thread Ian Grant
On Sat, Oct 18, 2014 at 11:36 AM, Reiner Jung wrote: > On Fri, 2014-10-17 at 16:52 -0400, Ian Grant wrote: >> On Thu, Oct 16, 2014 at 9:15 AM, Bob Beck wrote: >> > We have released LibreSSL 2.1.1- which should be arriving in the >> > LibreSSL directory of an OpenBSD mirror near you very soon. >>

Re: LibreSSL 2.1.1 released.

2014-10-18 Thread Reiner Jung
On Fri, 2014-10-17 at 16:52 -0400, Ian Grant wrote: > On Thu, Oct 16, 2014 at 9:15 AM, Bob Beck wrote: > > We have released LibreSSL 2.1.1- which should be arriving in the > > LibreSSL directory of an OpenBSD mirror near you very soon. > > If I clone the GitHub repo from Bolivia, do I have to cut

Re: LibreSSL 2.1.1 released.

2014-10-17 Thread Ian Grant
On Thu, Oct 16, 2014 at 9:15 AM, Bob Beck wrote: > We have released LibreSSL 2.1.1- which should be arriving in the > LibreSSL directory of an OpenBSD mirror near you very soon. If I clone the GitHub repo from Bolivia, do I have to cut my eyeballs out or stand guilty of re-exporting munitions fro

Re: LibreSSL Portable, disable SSLv3

2014-10-16 Thread Heiko Zimmermann
Now are the updates on the mirror. Thx. > On 16.10.2014 at 15:27, Stefan Sperling wrote > > Update to LibreSSL 2.1.1.

Re: LibreSSL Portable, disable SSLv3

2014-10-16 Thread Stefan Sperling
On Thu, Oct 16, 2014 at 03:10:24PM +0200, Heiko Zimmermann wrote: > Hello together, > > what is the best way, to disable SSLv3 support in LibreSSL 2.1.0 > portable (f.e. using on Mac OSX)? > > Thank you. > /Heiko Update to LibreSSL 2.1.1.

Re: [ntru-crypto] Re: LibreSSL & Post-Quantum World, NTRU

2014-09-14 Thread William Whyte
openbsd.org; misc@openbsd.org; dera...@cvs.openbsd.org; t...@tedunangst.com; b...@openbsd.org; i...@resilientmachines.com; i...@henningbrauer.com; ntru-cry...@securityinnovation.com Subject: [ntru-crypto] Re: LibreSSL & Post-Quantum World, NTRU 2014-09-13 19:27 GMT+02:00 why not : > hello > &

Re: LibreSSL & Post-Quantum World, NTRU

2014-09-13 Thread Daniel Cegiełka
2014-09-13 19:27 GMT+02:00 why not : > hello > > Besides NTRU is having a GPL licence, https://github.com/NTRUOpenSourceProject/ntru-crypto/issues/4 https://github.com/tbuktu/libntru but: http://blog.cr.yp.to/20140213-ideal.html Daniel

Re: [LibreSSL] unable to encrypt file

2014-08-12 Thread Miod Vallat
> I'm trying to encrypt a file using openssl and a prompted password on OpenBSD. > Unfortunately there is no prompt and all I get is a 'bad password read': I'll guess you're using a snapshot from one or two weeks old. This has been fixed since.

Re: LibreSSL libcrypto.a/libssl.a/openssl.bin filesize

2014-07-14 Thread Markus Manzke
Are you comparing like-for-like (presence of debug symbols etc?) yep; after strip -g it looks different: # openssl -rw-r--r-- 1 ngx ngx 4281k Jun 10 17:00 libcrypto.a -rw-r--r-- 1 ngx ngx 722k Jun 10 17:00 libssl.a -rwxr-xr-x 1 ngx ngx 510k Jun 15 13:36 openssl # libressl -rw-r- 1 ngx ng

Re: LibreSSL libcrypto.a/libssl.a/openssl.bin filesize

2014-07-14 Thread Stuart Henderson
On 2014-07-14, Markus Manzke wrote: > Hi, > > i recently build libressl 2.0.1 and nginx+libressl > and noticed some major differences in filesizes, > compared to a recent build of openssl (openssl and > libressl both statically compiled into nginx-binary) Are you comparing like-for-like (presenc

Re: LibreSSL and code signing

2014-07-12 Thread Theo de Raadt
> Are there any plans to signify the new tarball, or PGP sign it? too busy working on the code. The tarball is a working prototype. Next version will probably be signify'd.

Re: LibreSSL and code signing

2014-07-12 Thread Ted Unangst
On Sat, Jul 12, 2014 at 17:27, h410g3n wrote: > Hey, > > Are there any plans to signify the new tarball, or PGP sign it? There are plans.

Re: LibreSSL: in-place replacement on FreeBSD?

2014-07-12 Thread Jens K. Loewe
Joel Sing wrote this on 12 Jul. 2014 at 12:29: > In short, yes. Please try it and let us know if you find problems. OK. I'll see if I'll find some time. Thank you! -- I could contain traces of nuts.

Re: LibreSSL: in-place replacement on FreeBSD?

2014-07-12 Thread Joel Sing
On Sat, 12 Jul 2014, Jens K. Loewe wrote: > Not sure where to leave this one (is there a separate LibreSSL mailing > list available somewhere?), but I have just read the announcement that > LibreSSL 2.0 is available for FreeBSD too. > > Can I use it as an "in-place" replacement for my existing Open

Re: LibreSSL @ BSDCan 2014

2014-05-19 Thread Devin Reade
> On May 18, 2014, at 4:18, Marc Espie > > Actually, if you were awake at the time of the talk, you probably heard > something of a distant rumble. > > Bob is the only OpenBSD developer who's a match to the humpback whale in > terms of sound carrying power. That comes from all those years of c

Re: LibreSSL @ BSDCan 2014

2014-05-18 Thread Marc Espie
Saturday, May 17, 2014 7:05 PM > To: staticsafe > Cc: misc@openbsd.org > Subject: Re: LibreSSL @ BSDCan 2014 > > > Was this recorded? Is there audio or video of that online anywhere? Actually, if you were awake at the time of the talk, you probably heard something of a distant

Re: LibreSSL @ BSDCan 2014

2014-05-17 Thread Ted Bullock
Real actual bob becks giving real actual ssl video chat ‎http://m.youtube.com/watch?v=GnBbhXBDmwU Sent from my BlackBerry 10 smartphone on the Fido network. Original Message From: ropers Sent: Saturday, May 17, 2014 7:05 PM To: staticsafe Cc: misc@openbsd.org Subject: Re: LibreSSL @ BSDCan

Re: LibreSSL @ BSDCan 2014

2014-05-17 Thread ropers
Was this recorded? Is there audio or video of that online anywhere? On 18 May 2014 00:43, staticsafe wrote: > This might be of interest: > http://www.openbsd.org/papers/bsdcan14-libressl/ > -- > staticsafe > https://asininetech.com

Re: LibreSSL appreciation thread

2014-04-22 Thread Franco Fichtner
Shut up and take my money. And keep up the great work.

Re: LibreSSL appreciation thread

2014-04-22 Thread opendaddy
> I'm sending 200 dollars... after I clear the blood from my eye sockets... Comic Sans... Now I know how the Nazis felt in "Raiders of the Lost Ark" I use it all the time to piss off hipsters too. It's a beautiful font. O.D. Ref. http://helveticafilm.com/ On 22. april 2014 at 2:10 PM, "Brya