Thanks Dave,
I have approached the server operator about the security shortcomings that
you pointed out. In the interim I used your suggestion and altered the
cipher list to SSL_cipher_list DEFAULT:!ECDH.
This has sorted the problem. I am very grateful for your assistance.
Peter.
On 21 Decemb
I don’t use Fedora and track its versions, but assuming those are recent
RedHat including Fedora recently enabled ECC in its openssl packages
after years of excluding it over concerns about Certicom’s patent.
That increases the number of cipher suites in the Client Hello message
and also add
I'm testing the FIPS Capable OpenSSL library with nginx. nginx start a
master process which calls:
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
The master then starts a number of child processes. It does so by
forking without an exec (if I am reading the
Florian:
> It would be great to have a self-contained reproducer, so that
> we can test this before we enable the NSS-backed crypto
> provider in OpenJDK again. Can you use official channels for this?
I can provide you with the x86_64 openssl 1.0.2 utility I built yesterday as
the client plus a
First time trying to retro-fit an app with SSL so could use some help...
Compiling on Scientific Linux 6.4
openssl-devel 1.0.1e-15.el6_5.x86-64
#include
gcc -lssl -lcrypto-pipe -Wall -Wno-unused-parameter -ggdb3 -fPIC
-fno-strict-aliasing -rdynamic -I/opt/apps/include -D__USE_FILE_OFFSET64
First time trying to retro-fit an app with SSL so could use some help...
Compiling on Scientific Linux 6.4
openssl-devel 1.0.1e-15.el6_5.x86-64
#include
gcc -lssl -lcrypto-pipe -Wall -Wno-unused-parameter -ggdb3 -fPIC
-fno-strict-aliasing -rdynamic -I/opt/apps/include -D__USE_FILE_OFFSET64
On 12/19/2013 07:10 PM, Porter, Andrew wrote:
Florian:
By backtrace I'm guessing you mean Java debug output, below is what I get in the Tomcat
catalina.out with "JAVA_TOOL_OPTIONS=-Djavax.net.debug=ssl,handshake" set in
the script that starts Tomcat.
Problem happens with the stock OpenJDK 1.7
On 20 December 2013 09:09, Patrick McCorry wrote:
> Thanks Guys,
>
> At the moment I'm trying to distinguish if n > p, as the x co-ordinate does
> not wrap around n (so x = r in all cases) - to verify if this is always the
> case
>
n can be greater than p, e.g. see the definition of secp112r1 i
Thanks Guys,
At the moment I'm trying to distinguish if n > p, as the x co-ordinate does not
wrap around n (so x = r in all cases) - to verify if this is always the case
Sent from my iPad
> On 20 Dec 2013, at 04:16, Billy Brumley wrote:
>
> ... yet it seems you are free to use it as you pleas
