Hey,
> But I have not been able to find its trail:
>
> $ cd openssl-git
> $ git pull
> Already up-to-date.
> $ grep -R -i chacha *
> $ grep -R -i poly1305 *
> $
>
> Where are the new cipher suites located in OpenSSL?
$ git checkout 1.0.2-aead
They are there... Just not me
Been doing some builds from source, following the FIPS User Guide.
Builds are successful and everything appears to work fine when pointed
at the new libs, but anything that launches and uses them gets an error
like below:
/usr/bin/python: /usr/local/ssl/lib/libcrypto.so.1.0.0: no version informati
According to
http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html:
To make this happen, [we] began implementing new algorithms --
ChaCha 20 for symmetric encryption and Poly1305 for
authentication -- in OpenSSL and NSS in March 2013.
But I have no
As a US based organization, Apache is unsuited and (given fairly recent
public news) untrusted to have any power of a project such as OpenSSL.
Additionally, the Apache foundation has accumulated so many important
projects over the last few years that it they are becoming a single
point of failur
I've been thinking that the OpenSSL Foundation really needs to do better
than simply being open to individual funders. A lot of companies use the
libraries, and asking for some proper do-re-mi is completely kosher.
More on this later, I'm in Florida this weekend (feel sorry for me).
- M
On Fri
On 4/25/2014 3:36 PM, Salz, Rich wrote:
While we’re still waiting to hear from the core team about changes, I
might as well add to the noise and throw this out there.
Perhaps openssl should become an Apache project? Keep the foundation for
financial reasons, but use their infrastructure and such
I believe Ben Laurie committed the fix on April 23rd:
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 96ba632..8deeab3 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1055,7 +1055,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
"Edward Ned Harvey (openssl)"
writes:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Michael Wojcik
>>
>> For someone who does want more background in cryptography, I'd
>> recommend Schneier's /Applied Cryptography/ over /Cryptography
>> Engine
While we're still waiting to hear from the core team about changes, I might as
well add to the noise and throw this out there.
Perhaps openssl should become an Apache project? Keep the foundation for
financial reasons, but use their infrastructure and such. Or perhaps consider
adopting a large
