On Wed, Nov 13, 2013, Vuille, Martin (Martin) wrote:
> Collected performance numbers using "openssl speed" for two copies of OpenSSL
> 1.0.1e,
> one built as FIPS-capable, the other not, running on an ARMv6. I am having a
> hard time
> understanding the differences I observed and would appreciat
Collected performance numbers using "openssl speed" for two copies of OpenSSL
1.0.1e,
one built as FIPS-capable, the other not, running on an ARMv6. I am having a
hard time
understanding the differences I observed and would appreciate any insight.
Non-FIPS Capable
# openssl speed aes
Type
We have a cross platform client application based on Trolltech/Nokia/Digia Qt
that uses a secure socket for JSON. It works perfectly well on OSX, and works
on most Windows installations. The libs libeay32.dll and ssleay32.dll are
located in the same directory as all the apps libraries.
However,
Two weeks ago Viktor Dukhovni wrote:
> Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates.
>
> Many TLSv1 clients don't support SHA-2 and servers must present
> SHA-1 certificates except when TLSv1.2 clients indicate SHA-2 support.
> Fielding multiple certificates with different
>
I've noticed what appears to be a bug in the OpenSSL 1.0.1e 586
assembly-optimized AES_cbc_encrypt function when encrypting data that is> 1
block in length, but not an integral multiple of the block size. Specifically
it appears that when encrypting the partial-block "tail", the block is XOR-ed
On Tue, Nov 12, 2013, Alok Sharma wrote:
> One of the openSSL vulnerabilities is:
>
> CVE-2013-0169:
>
> The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
> in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
> check requirement during the process
On Tue, November 12, 2013 05:47, Alan Jakimiuk wrote:
> Is there a way I can make all three linked?
this should be the default.
> ie. Cert A->Cert B->Cert C in the certification path?
> Any help would be appreciated
>
can you view the certificates?
openssl x509 -noout -text -in certfile
you sho
> From: Dave Thompson
> >
> > Yes, the server has a custom root cert that isn't installed on this
> machine. I am happy that the server cert is correct.
> >
> For testing that's okay, but I hope in real use you are verifying.
> Otherwise an active attacker may be able to MITM your connections.
Pr
btw, you just have to do nmake -f ms\ntdll.mak install under openssl-fips,
it'll copy files to \usr\local\ssl\fips-2.0 in the correct file structure.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Compiling-openssl-fips-in-Windows-tp43439p47313.html
Sent from the OpenSSL -
I'm compiling and linking dynamic library and adding both /DYNAMICBASE:NO and
/FIXED to LFLAGS in ms\ntdll.mak doesn't work for me. I've to add /FIXED to
this line
$(FIPSLINK) $(MLFLAGS) /map /fixed /base:$(BASEADDR) /out:$(O_CRYPTO)
/def:ms/LIBEAY32.def @<< $(SHLIB_EX_OBJ) $(CRYPTOOBJ) $(O_FIPSC
Hi there!I am trying to create my own CA, but am having some small issues:I can
create the root CA, then an intermediate CA, both of these are linked correctly
in the certification path ie. it shows that Cert B was signed by Cert A, but
when I sign a certificate with the IA (Cert B) the signed c
11 matches
Mail list logo
