Thanks for the tips. I thought this seemed strange, but it was the
only culprit I could produce. I had previously tried reinstalling
the binaries and had no success. I decided to try again because I
think it was the "light" installed I tried the second time. I did
the full install and it seems
OpenSSL is a library and, as such, doesn't come with its own installer
(at least not the official distribution), so question is where / what
you ran to 'install and UNinstall OpenSSL'.
On Win32/64 platforms, the problem you describe generally stems from
some uninstaller (for application XYZ) delet
Ben Dimick wrote:
I hope I'm coming to the right place for this. I installed OpenSSL
on my Vista box and found after I uninstalled that SSL no longer
worked on any of my apps besides Firefox (https on I.E., WebEx, etc).
I found this odd, but I haven't yet found a way to fix it. Is this
somethin
I hope I'm coming to the right place for this. I installed OpenSSL
on my Vista box and found after I uninstalled that SSL no longer
worked on any of my apps besides Firefox (https on I.E., WebEx, etc).
I found this odd, but I haven't yet found a way to fix it. Is this
something easy I've simply m
On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess
wrote:
> Long story short, OpenSSH really needs some source mods to gracefully invoke
> and run in FIPS mode.
Hrm ... I'd have thought that openssh would be among the 1st/best @ compliance.
> Several people, myself included, have created patches
>
PGNet wrote:
...
Ok.
So, e.g. (reading the UserGuide now ...), to ensure that all ssh <->
ssh comms between boxes were limited correctly to fips-only algo
usages, in "openssl.cnf", I'd specifically add:
# Openssh section
openssh_conf = openssh_options
...
[ openssh_options ]
alg_section
Frans,
The mistake in your original code is largely due to the
BIO_set_mem_eof_return(mem, 0);
call at the start as that one prevents the bio chain from signaling
'should retry' upon error conditions (such as BIO_mem becoming empty,
due to BIO_read pulling the data out of it).
Instead, things
lampa writes:
> Hello All:
> At first, I make SSL connection by OpenSSL, and then, I want IE can share
> this connection, which means that IE do not need SSL authentication again,
> so IE can connect the WEB server on the SSL tunnel.
>
> Now, SSL connection is built by OpenSSL. But, I do not know
FIPS-capable builds are not subject to any restrictions as to the
algorithms they can implement. The only restriction is that, while in
FIPS mode (enabled by FIPS_mode_set()), the code within the
fipscanister is used for all cryptographic operations (including
encryption, decryption, hashing, and
Hi Steve,
On Sun, Jan 11, 2009 at 10:14 AM, Steve Marquess
wrote:
> Here you are presumably using a "FIPS compatible" standard OpenSSL
> distribution, i.e. 0.9.8j.
yes,
openssl version
OpenSSL 0.9.8j-fips 07 Jan 2009
> The "fips" option means "find and reference the ...
...
Clear & thoroug
PGNet wrote:
With the addition of fips object to the 'mix' of available build
options, is openssl configure with
./Configure ... enable-rc5 enable-mdc2 fips (iiuc, CHANGES' stmt that
'idea' *is* enabled by default still holds?)
sufficient to enable _all_ available algorithms, with the opti
Which source code package are you using? You cannot make a non-FIPS
version from the FIPS sources.
-Kyle H
On Sat, Jan 10, 2009 at 9:19 PM, Val Baranov wrote:
>
> Config:
> ./config --prefix=/usr/local/openssl zlib
>
> "make" completed successfully, as well as "make test".
>
> For some reas
With the addition of fips object to the 'mix' of available build
options, is openssl configure with
./Configure ... enable-rc5 enable-mdc2 fips
(iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?)
sufficient to enable _all_ available algorithms, with the option to
disable
On Sun, Jan 11, 2009 at 7:11 AM, Steve Marquess
wrote:
> As an uncontrolled document the User Guide can contain "extraneous" detail and
> can be amended as often as necessary, and I try hard to keep it as technically
> complete and accurate as possible. So yes, the Security Policy is the
> formal
PGNet wrote:
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton wrote:
If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
"4.2.1 Building the FIPS Object Module from Source
The specification of any other options on the command
I am a new user of openssl. I wonder if there is an implementation in openssl
library about the Schnorr signature, thank you!
Config:
./config --prefix=/usr/local/openssl zlib
"make" completed successfully, as well as "make test".
For some reason, "make all" attempted (why?) to install FIPS:
making install in crypto/pqueue...
making install in fips...
making install in fips/sha...
making install in fips/rand...
ma
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson wrote:
> So either use a box supporting SSE2 or use a pure C build (no-asm) which
> will have poorer performance.
config with,
./Configure shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
linux-generic32 no-asm threads zlib \
enable-
Hi Kevin,
here is a good howto:
http://wiki.cacert.org/wiki/CSRGenerator?action=show&redirect=VhostsApache
The best thing is to use the SubAltName Way to set up a vhost because
most browsers support this.
Cheers,
Thomas
Kevin Murphy wrote:
> Hi OpenSSL Users,
>
> I am setting up an Ubuntu 8.10
Kyle Hamilton wrote:
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, "Installation Instruction