On Fri, Jan 17, 2014 at 06:05:37PM -0800, Jeff Franklin wrote:
> Our Windows servers only go up to TLSv1, and the key indication of a
> failed connection is that openssl s_client will claim that 'Secure
> Renegotiation IS NOT supported'. However, if I use openssl-1.0.0k
> against the same server i
Hello,
Our organization just switched some of our environments to using
openssl-1.0.1e, and since doing so connections from those machines to our
Windows servers fail where they used to succeed. I've done some
investigation into openssl and I have the problem narrowed to the list of
cipher su
Hi all,
I am trying to load the name and value of an X509 extension programmatically
via the API (in other words, the openssl.cnf file isn't being used), and I am
struggling with openssl telling me that the tag doesn't exist.
The extension I want to load has the name "keyUsage" and value
"nonR
Hi folks,
I've patched fips_canister.c to properly retrieve the blackfin
instruction pointer. When I run openssl on the target now, I now get
reasonable numbers (though they still don't match incore).
===
root:/> OPENSSL_FIPS=1 openssl ciphers
Hi Stacy, sorry, should have included that:
On Fri, Jan 17, 2014 at 12:17 PM, Stacy Devino wrote:
> Are you compiling for the uclinux distro or something similar?
ucLinux -- 2.6.34
> Are you using the 16 or 32-bit arch?
The blackfin is a 32-bit little-endian machine
> Are you utilizing the
Are you compiling for the uclinux distro or something similar?
Are you using the 16 or 32-bit arch?
Are you utilizing the DSP or trying to?
It might be nice to know more about the parameters you are passing to the
compiler and what compiler that you are using.
My area is in primarily ARM device
On Fri, Jan 17, 2014 at 11:16 AM, Viktor Dukhovni
wrote:
> On Fri, Jan 17, 2014 at 09:57:00AM -0500, Jeffrey Walton wrote:
>
>> > BN_CTX_init() (deprecated) initializes an existing uninitialized
>> > BN_CTX. This should not be used for new programs. Use BN_CTX_new()
>> > instead.
>>
>> Odd its sti
On Fri, Jan 17, 2014 at 09:57:00AM -0500, Jeffrey Walton wrote:
> > BN_CTX_init() (deprecated) initializes an existing uninitialized
> > BN_CTX. This should not be used for new programs. Use BN_CTX_new()
> > instead.
>
> Odd its still being used in the source code.
Not that odd. Libraries are fr
Hi folks,
I'm almost out of my depth, and really need help on the next step.
I've that the in-system fingerprint comparison fails with a
"FINGERPRINT_premain: FIPS_signature mismatch" error
incore DEBUG=1 output gives:
=
TARGET: elf32-bfinfdpic
Hi,
I write a SSL server, enable zlib, TLS 1.0/1.1/1.2, can I check the
client use which TLS protocol, or whether the client use zlib
compression ?
Thanks,
Dongsheng
__
OpenSSL Project http://www.o
On Fri, Jan 17, 2014 at 4:38 AM, Carl Young wrote:
> ...
> I would say that BN_CTX_init() is deprecated and you should be using BN_CTX *
> ctx = BN_CTX_new();
Yeah, it works with BN_CTX *. I was hoping to keep out of the memory
manager since it seems like a waste when it can be placed on the
stac
Hi,
I write a SSL server, enable zlib, TLS 1.0/1.1/1.2, can I check the
client use which TLS protocol, or whether the client use zlib
compression ?
Thanks,
Dongsheng
__
OpenSSL Project http://www.o
[Sorry for top-post - Outlook Web Client]
I would say that BN_CTX_init() is deprecated and you should be using BN_CTX *
ctx = BN_CTX_new();
Indeed, https://www.openssl.org/docs/crypto/BN_CTX_new.html says
BN_CTX_init() (deprecated) initializes an existing uninitialized BN_CTX. This
should not
On Thu, Jan 16, 2014 at 10:35:41AM +, Nischal wrote:
> We are using openSSL in OpenAT-FXT modem. the version used is 0.9.8h. When I
> am calling function to generate keys, it goes into infinite loop inside the
> function and system got crashed.
You should be using OpenSSL 0.9.8y, or if possib
Thanks Steve. Issue is fixed please ignore my previous email.
--
View this message in context:
http://openssl.6102.n7.nabble.com/DH-compute-key-query-tp13943p48186.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
_
Hi,
I also experienced going into an infinite loop using
BN_generate_prime_ex() function.
I my case it was because I didn't fully understand how to use 'add' and
'rem' parameters.
I am now assuming they should be used as in dh_builtin_genparams(), in
dh_gen.c.
I am not qualified to discuss ho
it is BIGNUM->d not DH->d
--
View this message in context:
http://openssl.6102.n7.nabble.com/DH-compute-key-query-tp13943p48184.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
Steve,
It is word aligned. I tried different ways to prepend the value in DH->d but
it is not working. When I dump the memory it shows leading zeros but when I
print the same DH->d using BN_print_fp it does not show zeros which is
expected but leading zeros are not increasing the num_bytes (BN_num
I'm trying to declare a BN_CTX on the stack (with a subsequent call to
BN_CTX_init) to stay out of the memory manager.
When I do, I get an error:
aggregate ‘BN_CTX’ has incomplete type and cannot be defined
I've included , so I'm kind of surprised I can't
compile. ( has some typedefs and com
Hi,
We are using openSSL in OpenAT-FXT modem. the version used is 0.9.8h. When I
am calling function to generate keys, it goes into infinite loop inside the
function and system got crashed.
By entering traces, I checked the flow of code
Code is given below
const int kBits = 4096;
RSA *rsa = RS
20 matches
Mail list logo
