openssl with fips for Solaris 10 SPARC architecture

2013-10-27 Thread Abdul Anshad
Hello all, Could anyone please explain me the whole process for building FIPS capable openssl on solaris 10 SPARC architecture ? Thanks in advance. -- Regards, Abdul __ OpenSSL Project http://

Fwd: openssl with fips for Solaris 10 SPARC architecture

2013-10-27 Thread Abdul Anshad
Hello all, Could anyone please explain me the whole process for building FIPS capable openssl on solaris 10 SPARC architecture ? Thanks in advance. Regards, Abdul. __ OpenSSL Project http://www

RE: OpenSSL and DH parameters

2013-10-27 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Patrick Pelletier > Sent: Friday, October 25, 2013 02:53 > On 10/24/13 1:59 PM, Dave Thompson wrote: > > > (For EC, the specified curve must also be acceptable to client(s) per > > ClientHello extension, > > which encourages using the callback or choosing

RE: Disabling Client Initiated renegotiation in 0.9.8

2013-10-27 Thread Dave Thompson
I don't see any 'proper' way to disable only client renegotation, in any version. It looks like you could set OP_NO_RENEGOTIATE_CIPHERS and then bypass the check in SSL_renegotiate -> ssl3_renegotiate by doing the simple-ish equivalent yourself. But that's (1) not tested (2) *really* ugly and (

RE: OpenSSL and DH parameters

2013-10-27 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Viktor Dukhovni > Sent: Friday, October 25, 2013 09:46 > On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote: > > > I mean in a typical usage of OpenSSL is it mandatory to call > > SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate() > > and SSL_CTX_use

RE: OpenSSL, Windows, Perl

2013-10-27 Thread Dave Thompson
Two minor runtime tools use perl: c_rehash and CA.pl . You can easily enough accomplish the functionality of these tools without perl if you need it. From: owner-openssl-us...@openssl.org [ mailto:owner-open

FIPS certified version of OpenSSL on HP-UX I64

2013-10-27 Thread Sg, Prasad (STSD)
Hi, I am trying to get a FIPs certifier version of openssl built on HP-UX I64 11.31. The build of FIP's module is successful and i could even use it to build openssl (libcrypto.so.1.0.0). I was looking if anybody could check the steps used and confirm that the final built openssl is can be state