> How would one normally go about loading things like server keys if
> those have to be encrypted as well?
Ideally, they would be stored in a FIPS-approved security token. Otherwise,
I'm not aware of any FIPS-approved algorithm for encrypting keys other than
AES wrap (RFC3394). I'd love to hear

Whoops, I really should have sent this here rather than openssl-dev.
According to the Security Policy v1.1.1: Secret or private keys that
are input to or output from an application must be input or output in
encrypted form using a FIPS Approved algorithm. Note that keys
exchanged between the app

> I see this error in my web server log when I try to connect
> using IE or Firefox. Does anybody know why this could be happening?
> 04/15/2007 03:36:22.22 SSL_accept failed -
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> 04/15/2007 03:35:52.08 SSL_accept failed -

On Sat, Apr 21, 2007 at 07:45:24AM -0700, Edward Chan wrote:
> Excuse my ignorance, but isn't TLS a protocol, whereas DH an algorithm?
Exactly, so the protocol has known on-the-wire characteristics, but the
algorithm is a building block, and you have to build the protocol yourself,
and in some ra

Excuse my ignorance, but isn't TLS a protocol, whereas DH an algorithm?
Even if TLS is used, if it does a DH key exchange, I think I would still
have the same interop problems. I'm basically testing interop of
different crypto libs.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAI

I thought I tried this, but let me try again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Saturday, April 21, 2007 2:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
Edward Chan <[EMAIL PROTECTED]> wrote:
> But

Edward Chan <[EMAIL PROTECTED]> wrote:
> But I think this always returned me 128 bytes. So am I supposed to
> bzero the output buffer first?
Here's how I fixed the bug (not very elegant, it was a quick hack)
int i, ret = DH_compute_key(secret, pkey, m_dh);
if( ret > 0 && ret < 128 )