On 31 May 2013 21:07, Matt Caswell wrote:
> On 31 May 2013 16:42, Jakob Bohm wrote:
>> Interesting, I don't seem to be able to find code that calls dh_check
>> or equivalent on received DH group parameters, but then the check in
>> that function is too strict in its criteria (for instance, some
>
> From: owner-openssl-us...@openssl.org On Behalf Of Brice André
> Sent: Friday, 31 May, 2013 06:00
> The problem seems indeed to be located in the call to
> X509_STORE_CTX_get1_issuer. In this function, the function
> X509_STORE_get_by_subject returns an error. When digging into this
> code, the
On 31 May 2013 16:42, Jakob Bohm wrote:
> Interesting, I don't seem to be able to find code that calls dh_check
> or equivalent on received DH group parameters, but then the check in
> that function is too strict in its criteria (for instance, some
> standards (such as X9.42 and NIST SP 800-56A) r
hi Kshirsagar,
I am into the same scenario, can you tell me at which end you are setting
the cipher list? Do we have to make changes on client application end ?
The parameters you mentioned, SSL_DEFAULT_CIPHER_LIST, can be seen on server
end , into openssl ssl.h file. Could you describe what chang
Hi,
I'm on Mac running OS X 10.8.3 and have 2 versions of openssl installed:
Default: OpenSSL 0.9.8r 8 Feb 2011
Homebrew: OpenSSL 1.0.1e 11 Feb 2013
My most recent version of ruby (1.9.3-p429) is linked with Homebrew's openssl
and that's when I noticed I began having connection problems to a pa
On 5/31/2013 3:41 PM, Matt Caswell wrote:
On 31 May 2013 10:58, Jakob Bohm wrote:
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number for this
issue, and I cann
On 31 May 2013 10:58, Jakob Bohm wrote:
> According to a server testing service I have tried, OpenSSL 0.9.8
> fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
> does this rejection. They do not provide a CVE number for this
> issue, and I cannot find it in the OpenSSL CHANGES fil
Hello Dave,
Thanks for this info.
I compiled my own openssl lib with debug support and started debugging.
The problem seems indeed to be located in the call to
X509_STORE_CTX_get1_issuer. In this function, the function
X509_STORE_get_by_subject returns an error. When digging into this
code, the
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number for this
issue, and I cannot find it in the OpenSSL CHANGES file for 1.0.0
(as that is the version they mention
Thanks for the reply. Using a lower version of TLS solved it for us.
//Toland (^_^x)
On May 30, 2013, at 10:29 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Toland Hon
>> Sent: Thursday, 30 May, 2013 22:22
>
>> I'm on Mac running OS X 10.8.3 and have 2 versions
10 matches
Mail list logo
