SSL Handshake difference between 0.9.8g v/s 1.0.0e

2014-01-16 Thread Rohit Bansal
Hi, I am migrating my application from 0.9.8g to 1.0.1e and using an external session cache for ssl session renegotiation. I notice slight performance degradation when running 1.0.1e When i debug using ssldumo here is what i observe: *0.9.8g* New TCP connection #6: localhost.localdomain(59162)

Re: CVE-2013-6450 and 0.9.8-line

2014-01-16 Thread no_spam_98
Oh, okay.  Thank you for that tidbit. If not a DoS, how does the issue manifest itself in 0.9.8 if an adversary uses/attempts to use the flaw? Thanks.  - Original Message - > From: Dr. Stephen Henson > To: openssl-users@openssl.org > Cc: > Sent: Thursday, January 16, 2014 12:22 PM >

Re: Cross compiling 1.2.2 for the Analog Devices Blackfin

2014-01-16 Thread mikec
OK, for some reason, our objects start with _: _FINGERPRINT_ascii_value=000D5B7C _FIPS_rodata_start=000CFF64 _FIPS_text_start=0003CCF0 _FIPS_rodata_end=000D5238 _FIPS_text_end=000622A8 _FIPS_signature=00107D30 I added sed -e 's/^_//g' to the objdump line and I'm now getting: TARGET: elf32-bfinfd

Re: CVE-2013-6450 and 0.9.8-line

2014-01-16 Thread Dr. Stephen Henson
On Thu, Jan 16, 2014, no_spam...@yahoo.com wrote: > It is my understanding that 0.9.8y contains the DTLS retransmission flaw > described in CVE-2013-6450. > It contains the flaw but it is not a DoS issue in 0.9.8. It's not a trivial fix for 0.9.8 because the DTLS record handling changed in 1.0.

Cross compiling 1.2.2 for the Analog Devices Blackfin

2014-01-16 Thread mikec
Hi folks, Similar to an email just sent, I'm trying to cross compile (except for an Analog Devices Blackfin, uclinux based, little-endian). We're stuck with openssl 0.9.8, so I'm trying to build openssl-fips-1.2.2. Here's the steps being executed for openssl-fips-1.2.2: (set -e ; \

CVE-2013-6450 and 0.9.8-line

2014-01-16 Thread no_spam_98
It is my understanding that 0.9.8y contains the DTLS retransmission flaw described in CVE-2013-6450. I thought I read somewhere that OpenSSL.org is working on a 0.9.8za release to address this issue (and other bug fixes). Is that correct?  If so, what is the release schedule? Thanks.

Re: Diffie hellman - Open SSL Client and C# Server

2014-01-16 Thread ET
On 15 Jan 2014, at 2:39 PM, cvishnuid wrote: > May i know the packet structure openssl uses for exchanging public parameters If you mean the actual packets exchanged then the SSL/TLS RFCs and/or any good book on the subject will show the format of the ServerKeyExchange and ClientKeyExchange

Re: Diffie hellman - Open SSL Client and C# Server

2014-01-16 Thread cvishnuid
May i know the packet structure openssl uses for exchanging public parameters -- View this message in context: http://openssl.6102.n7.nabble.com/Diffie-hellman-Open-SSL-Client-and-C-Server-tp47524p48157.html Sent from the OpenSSL - User mailing list archive at Nabble.com. _