Greetings.
I wonder if session-id generator really provide uniqueness.
The def_generate_session_id check uniqueness by calling
SSL_has_matching_session_id. (ssl_sess.c)
SSL_has_matching_session_id check uniqueness by calling
lh_retrieve(ssl->ctx->sessions, &r). (ssl_lib.c)
So, if SSL_has_matchin
Hi Steve,
Thanks for your response... I've now managed to 'work around' the
cross-compilation by using the fips_standalone_sha1.exe from a win32 build
to generate the sha1 values used during the build and then disabling the
'self' tests.
The resulting libraries seem to work well for me, but do yo
dear all,
does openssl supports TLS v1.1?
if yes, from which version onwards?
Thanks in advance
San
--
Hi!
> We are using only the OpenSSL cryptographic functionality, the EVP and HMAC
> functions, in a multi-threaded application. Do we need to do anything to
> ensure thread safety ? The documentation mentions
> CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we are not
> calling
We are using only the OpenSSL cryptographic functionality, the EVP and
HMAC functions, in a multi-threaded application. Do we need to do
anything to ensure thread safety ? The documentation mentions
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we are
not calling these function
Hello,
> One last question, can an algorithm or cipher suite be enabled or
disabled on OpenSSL by
> an user (I mean, without needing to recompile and redistribute OpenSSL
binaries)?
Yes, from server or client point of view you can control this with
SSL_CTX_set_cipher_list() function call.
Best
> The ciphers are all found in evp.h, EVP_aes_128_cbc, for example.
Is there a reason why this is undocumented?
-JP
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
In message <[EMAIL PROTECTED]> on Wed, 05 Mar 2008 10:07:18 -0500, "Brian A.
Seklecki" <[EMAIL PROTECTED]> said:
lavalamp> Architecture question:
lavalamp>
lavalamp> Do certificate serial numbers within a multi-trier
lavalamp> certificate authority chain need be globally unique?
Depends on what
I'm writing some code where I'm using the EVP encryption routines
described here:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
I'm trying to use AES. Is AES supported through this interface? It's
not listed in the documentation as a supported cipher.
The ciphers are all found i
Is it appropriate to call the sequence
EVP_CipherInit_ex()
EVP_CipherUpdate_ex()
EVP_CipherFinal_ex()
*multiple* times between init and cleanup?
In other words, should I do this:
EVP_CIPHER_CTX_init()
EVP_CipherInit_ex()
EVP_CipherUpdate_ex()
EVP_CipherFinal_ex()
EVP_CIPHER_CTX_cleanup()
...
E
Hi,
I'm writing some code where I'm using the EVP encryption routines
described here:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
I'm trying to use AES. Is AES supported through this interface? It's
not listed in the documentation as a supported cipher.
-JP
___
Architecture question:
Do certificate serial numbers within a multi-trier certificate authority
chain need be globally unique?
A Thunderbird user recently received the following error because his
cert serial number, as signed by one CA, matched the serial number of
the server, both of which were
Thanks very much!
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED] On Behalf Of Shaw Graham George
> Sent: quarta-feira, 5 de março de 2008 09:51
> To: openssl-users@openssl.org
> Subject: RE: cipher algorithms
>
>
> Surely http://www.openssl.org/do
I'm new to using openssl and I need to change the cipher that is currently
being used. I'm using a product called ssl_proxy that doesn't have a config
file for changing/limiting any of these attributes. The current cipher is
aes-256 and I need to change it to something stronger with a key leng
Surely http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html.
G.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baur, Mateus
(Brazil R&D-CL)
Sent: 05 March 2008 12:25
To: openssl-users@openssl.org
Subject: RE: cipher algorithms
Yes, I know yo
Yes, I know you can enable/disable the algorithms at build time. However, my
question is if a user could enable/disable an algorithm when the library is
already built (even by the application using OpenSSL or some generic
configuration of OpenSSL).
I thought there was actually no way to do that
> Thanks Marek!
>
> One last question, can an algorithm or cipher suite be enabled or
> disabled on OpenSSL by an user (I mean, without needing to
> recompile and redistribute OpenSSL binaries)?
You can definitively disable an algorithm by not including it in the
libraries. Most programs that use
Hello everybody,I have a doubt about how to use the AES_ctr128_encrypt()
function.
If i want to use this function to decrypt, how should be iniziled the *num
argument? Has the result the same size as the input (length,third argument)?
Thanks for your help!
___
Thanks Marek!
One last question, can an algorithm or cipher suite be enabled or disabled on
OpenSSL by an user (I mean, without needing to recompile and redistribute
OpenSSL binaries)?
Regards,
Mateus
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTEC
Hello,
> I have some doubts regarding OpenSSL cipher algorithms and I was
wondering if someone
> could help me with that.
>
> 1) If my understanding is correct, the client sends the list of
supported cipher
> algorithms and the server will choose one algorithm of such list in
order to
20 matches
Mail list logo
